From aa37a64889eeb931c76a746de975b0ec55a66851 Mon Sep 17 00:00:00 2001 From: Drazen Date: Tue, 7 Oct 2025 16:18:44 +0200 Subject: [PATCH 1/3] Ciphers-change-nginx-template --- big_commit.txt | 488289 ++++++++++++++++++ roles/debian/nginx/templates/nginx.conf.j2 | 4 +- 2 files changed, 488291 insertions(+), 2 deletions(-) create mode 100644 big_commit.txt diff --git a/big_commit.txt b/big_commit.txt new file mode 100644 index 000000000..93c8635ac --- /dev/null +++ b/big_commit.txt @@ -0,0 +1,488289 @@ +commit 6376946df44cbe4b672815b3bb69529acab05c17 +Author: Greg Harvey +Date: Fri Nov 10 14:20:59 2023 +0100 + + Devel 2.x (#1216) + + * R62347 fix postfix mail delivery pr devel (#791) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an includ… + + * Awscli version support pr devel (#793) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for… + + * Pin aws collection version pr devel (#796) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file… + + * Fix ce provision vars pr devel (#798) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for … + + * First attempt at an ELB role (#800) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SA… + + * Aws lb role pr devel (#801) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admin… + + * Fix debian release issues pr devel (#802) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file … + + * Linting fixes pr devel (#804) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML adm… + + * Aws lb role pr devel (#806) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admin… + + * Aws lb role pr devel (#807) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admin… + + * Linting fixes pr devel (#808) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML adm… + + * Aws lb role pr devel (#809) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admin… + + * Aws lb role pr devel (#810) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admin… + + * Aws lb role pr devel (#811) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admin… + + * Aws lb role pr devel (#812) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admin… + + * Linting fixes pr devel (#813) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML adm… + + * Aws lb role pr devel (#815) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admin… + + * Apache nginx tweaks pr devel (#817) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SA… + + * Asg no alb pr devel (#820) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins… + + * Ipv6 support pr devel (#822) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admi… + + * Ipv6 support pr devel (#823) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admi… + + * Ipv6 support pr devel (#824) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admi… + + * Ipv6 support pr devel (#825) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admi… + + * Ipv6 support pr devel (#826) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admi… + + * Ipv6 support pr devel (#827) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admi… + + * Ipv6 support pr devel (#828) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admi… + + * Ipv6 support pr devel (#829) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admi… + + * Linting fixes pr devel (#831) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML adm… + + * Ipv6 support pr devel (#833) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admi… + + * Ipv6 support pr devel (#834) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admi… + + * Npm support pr devel (#836) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admin… + + * Npm support pr devel (#837) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admin… + + * User deploy key fix pr devel (#839) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SA… + + * Support private keys pr devel (#841) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for S… + + * Support private keys pr devel (#843) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for S… + + * Support private keys pr devel (#844) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for S… + + * Support private keys pr devel (#845) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for S… + + * Support private keys pr devel (#847) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for S… + + * Aws cli for ce roles pr devel (#848) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for S… + + * Efs role namespacing pr devel (#850) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for S… + + * Efs role namespacing pr devel (#852) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for S… + + * Make nginx ssl protocols modifiable pr devel (#853) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an inc… + + * Opcache vars pr devel (#854) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admi… + + * Namespacing fixes pr devel (#857) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Suppress ec2 creation pr devel (#867) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for … + + * Suppress ec2 creation pr devel (#869) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for … + + * Suppress ec2 creation pr devel (#870) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for … + + * Suppress ec2 creation pr devel (#871) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for … + + * Remove eip plugin pr devel (#795) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Linting fixes pr devel (#874) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML adm… + + * Namespacing fixes pr devel (#877) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Namespacing fixes pr devel (#879) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Namespacing fixes pr devel (#881) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Namespacing fixes pr devel (#883) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Namespacing fixes pr devel (#885) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Namespacing fixes pr devel (#886) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Namespacing fixes pr devel (#888) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Mysql client options pr devel (#890) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for S… + + * Mysql client options pr devel (#893) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for S… + + * Ec2 instance refresh pr devel (#895) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for S… + + * Clamav cron pr devel (#898) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admin… + + * Clamav cron pr devel (#901) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admin… + + * Clamav cron pr devel (#902) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admin… + + * Clamav cron pr devel (#903) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admin… + + * Mattermost config pr devel (#904) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Mattermost config pr devel (#907) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Mattermost config pr devel (#909) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Mattermost config pr devel (#910) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Mattermost config pr devel (#911) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Mattermost config pr devel (#913) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Mattermost config pr devel (#915) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Mattermost config pr devel (#917) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Sl le flags pr devel (#919) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admin… + + * Mattermost config pr devel (#921) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML… + + * Apache role files block pr devel (#926) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file fo… + + * Fixed apache role files block pr devel (#928) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include f… + + * Lhci: Debian backports only for Buster (#897) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include f… + + * R64279 fix nsswitch template pr devel (#929) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include fi… + + * R64239 disable nginx version in headers pr devel (#932) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an… + + * Ec2 instance refresh pr devel (#936) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for S… + + * Remove opcache pr devel (#934) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML ad… + + * Set python version pr devel (#938) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAM… + + * Set python version pr devel (#940) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAM… + + * Set python version pr devel (#941) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAM… + + * Wazuh pr devel (#943) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + … + + * Wazuh pr devel (#945) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + … + + * Wazuh pr devel (#946) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + … + + * Wazuh pr devel (#947) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + … + + * Wazuh pr devel (#948) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + … + + * Wazuh pr devel (#949) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + … + + * Wazuh pr devel (#950) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + … + + * Wazuh pr devel (#951) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + … + + * R64516 give nginx time to stop before certbot pr devel (#953) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and add… + + * Wazuh pr devel (#955) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + … + + * Undoing PR #542. + + * Wazuh pr devel (#957) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + … + + * R62850 install procmail pr devel (#958) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file fo… + + * Fix ci and docs pr devel (#960) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML a… + + * Sudo role pr devel (#962) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins.… + + * Sudo role pr devel (#964) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins.… + + * Sudo role pr devel (#966) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins.… + + * Sudo role pr devel (#968) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins.… + + * Unattended upgrades pr devel (#970) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SA… + + * Unattended upgrades pr devel (#972) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SA… + + * Unattended upgrades pr devel (#973) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SA… + + * Unattended upgrades pr devel (#974) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SA… + + * Unattended upgrades pr devel (#975) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SA… + + * Unattended upgrades pr devel (#976) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SA… + + * Unattended upgrades pr devel (#977) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SA… + + * Unattended upgrades pr devel (#978) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SA… + + * Sudo fix pr devel (#981) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + … + + * Unattended upgrades pr devel (#979) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Allow user to set cachetool version in the opcache role. (#665) + + * Allow user to set cachetool version in the opcache role. + + * Adding a comment for a future improvement. + + * Adding a 'repack' option for AMIs and ASGs. (#675) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Ami repack option pr 1.x (#707) + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + * Fixing EC2 instance look-up to use cluster name. + + * Separating AMI provisioning tasks into a tasks file that can be included. + + * Refactoring AMI operation to allow current behaviour to remain default. + + * Trying to delegate tasks to target repack instance. + + * Switching from import_tasks to include_tasks. + + * Fixing the instance DNS name var. + + * Changing approach to make a standalone machine to generate AMI from. + + * Gah! Typo! + + * AMI generation requires region and profile. + + * Didn't wrap instance_id lookup properly. + + * Fixing some missing namespaces. + + * Missed a bad var when fixing. + + * Adding full set of variables for EC2 instance. + + * Fixing AWS SSH key name. + + * Decided not to use the EC2 + EIP role. + + * Trying to add a pause after instance launch. + + * Passing the target branch to Ansible as a var. + + * Support absolute paths to playbooks. + + * Refactoring to make ce-provision call itself for AMI packing tasks. + + * Doubled up the script path. + + * Switching to base dir var for ce-provision call. + + * Moving temp EC2 instances for AMI creation to subnet with IGW. + + * State of EC2 instance needs to be started instead of running. + + * We need to delete the AMI we created before making another one. + + * Refactoring AMI repack variables for readability and removing volume size. + + * Missed a refactored var. + + * Defending against AMI volume size issues for ASGs. + + * Refactoring extra vars handling. + + * For some reason Packer seems to double the brackets. + + * Revert "For some reason Packer seems to double the brackets." + + This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. + + * Fixing packer.json white space. + + * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. + + * Slight refactor to move the extra vars building to the relevant included tasks. + + * Slight documentation change. + + * Moved config extra vars to ce-provision as they are globally sane. + + * Error in jinja list building for RDS. + + * Trailing VPC ID fields using the wrong variable. + + * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) + + * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) + + * Add a task in ASG role to add an Aurora RDS endpoint. (#714) + + * Ssl le fixes pr 1.x (#725) + + * Allow multiple domains to be passed. + + * Ensuring we don't break older implementations. + + * First pass at a bash script we can run on cron for LE renewals. + + * Place the autorenewal script and create a cron entry. + + * Allowing the HTTP-01 listen port to be set to something other than 80. + + * Need single quotes within our double quotes. + + * Adding optional proxy for LE. + + * Revert "Adding optional proxy for LE." + + This reverts commit cf5720b450744915872eacafee82164300df90aa. + + * Adding support for apache and nginx plugins for certbot. + + * Fixing quote error. + + * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. + + * Fixing issue with selecting first domain. + + * Correcting variable names. + + * LE cron template missing an endfor. + + * Missing carriage return in LE cron script. + + * Turns out you can't alter facts passed in via vars by include_role. + + * Fixing SSL defaults. + + * Realised if there are multiple different LE runs each needs it's own renewal cron. + + * Ensure builds don't fail if ssl.web_server isn't provided. + + * Defending against empty SSL services list. + + * Improving vhost template LE handling. + + * Adjusting SSL cert and key var names. + + * Adding a temporary vhost so newly added domains can request LE certs. + + * Tabbing error. + + * Fixing possible 'resolver' errors in Nginx if you use localhost. + + * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. + + * Tweaking Nginx LE handling and making certbot commands customisable. + + * Fixing minor typo. + + * Trying giving include_role the public flag. + + * Documentation updates. + + * Adding default value to Nginx vhost template. + + * Move drupal8 install/update config to drupal_common under if local block. (#733) + + * WIP: 58848 apache role pr 1.x (#667) + + * Catching up devel. (#243) + + * Devel (#175) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + Co-authored-by: EmlynK + + * Override fastcgi_read_timeout in Nginx (#41) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Add ability to override Nginx fastcgi_read_timeout value. + + Co-authored-by: Greg Harvey + + * Generate saml sso requirements devel (#42) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + Co-authored-by: EmlynK + + * Generate saml sso requirements devel (#43) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Wrapping the LinOTP code in the SAML template in an 'if' statement. + + * Extending the check to make sure LinOTP var isn't empty. + + * Removing references to LDAP in SAML groups attribute config, no need to assume. + + * Adding docs for the aws_iam_saml role. + + Co-authored-by: EmlynK + + * Adding aws_iam_saml docs (#45) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) + + * Generate saml sso requirements 1x (#44) + + * Wrong filter for efs info + + * Fix indentation error + + * Do not purge tags on existing EFS + + * Wrong name for updating EFS targets + + * Remove leftover loop + + * Fix error in subnet gathering + + * Split EFS creation + + * Use subnet ids + + * Wrong var name + + * Remove dead code + + * Wrong var + + * Missing subnet ids + + * Try not to loose existing SGs + + * Try to dedupe targets + + * Wrong syntax for combine + + * Typo in combining tupples + + * Wrong var name for append items + + * Fix appending subnets + + * Wrong list transformation + + * Switch to community module for efs + + * Remove unecessary complexity + + * Update documentation + + * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. + + * Remove replace_batch_size from ASG creation task, so it now defaults to 1. + + * Wrap Postfix handler commands in quotes. (#26) + + * Try using shell instead of command in Postfix handlers. + + * GitHub Actions integration (#29) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) + + Co-authored-by: Emlyn Kinzett + + * Fix alb health check (#31) + + * It's traffic-port, not target-port. Doh. + + * Update documentation. + + Co-authored-by: Emlyn Kinzett + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Generate saml sso requirements (#33) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Generate saml sso requirements devel (#36) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * Cleaning variables to be generic and improving LDAP role handling. + + Co-authored-by: EmlynK + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Generate saml sso requirements devel (#37) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Adding note on existence of 'config' directory for de-deploy to work. + + * Adding link to provided example config directory. + + Co-authored-by: EmlynK + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SAML admins. + + * Renaming template file for SAML admins. + + * phpfpm variables (#38) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. + + Co-authored-by: Greg Harvey + + * Adding tasks for handling SimpleSAMLphp repo actions. + + * Refactoring git commits to defend against existing files causing commit fails. + + * Moving X509Certificate to a variable. + + * Generate saml sso requirements devel (#39) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Adding AWS CLI and credentials files to local ce-dev. + + * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. + + * GitHub actions into v1. (#30) + + * Adding Super Linter workflow for GitHub Actions. + + * Adding the documentation checker. + + * Getting GitHub Actions to continue on failure. + + * Seeing if Git exists. + + * Missing space. + + * Re-adding the checkout and the git commands. + + * Trying Pascal's script. + + * Adding both lines to the same 'run' command. + + * GitHub Actions wtf - splitting into two steps. + + * Trying steps on branch name. + + * Trying steps on branch name AGAIN. + + * Would be good to get the syntax right. + + * Trying different quotes. + + * Checking the contents of the github.ref variable. + + * Trying to add in Pascal's testing step. + + * Adding in /bin/sh to hopefully make test.sh run. + + * Google says try it with /bin/bash. + + * Trying a different Ubuntu version. + + * Installing net-tools to have ifconfig. + + * Updating testing shell (#28) + + * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) + + * Fixing test.sh to explicitly call bash. + + GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. + + Co-authored-by: EmlynK + + * We probably don't need /bin/bash + + * Making test.sh executable. + + * Checking shell. + + * Explicitly setting shell to bash in provision.sh. + + * Trying ubuntu-16.04 as Travis used this. + + * Putting shell back. + + * Update provision.sh + + * Making /bin/bash the shell. + + * Making /bin/bash the shell for provision. + + * Explicitly stating bash again in YML. + + * Turns out the mkcert binary is out of date. + + * Compiled mkcert from source. + + * Fixing curl error. + + * Switching to wget. + + * Starting the linter again and renaming job. + + * Only lint changed files. + + * Linting a non-existent branch! + + * Tidying the documentation check. + + * Revert "Making /bin/bash the shell for provision." + + This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. + + * Revert "Making /bin/bash the shell." + + This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. + + * Revert "Tidying the documentation check." + + This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. + + * Swapping Super-Linter for ansible-lint. + + * Running ansible-lint directly in the container. + + * Updating to latest Ubuntu. + + * Revert "Fixing test.sh to explicitly call bash." + + This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. + + * Fixing ansible-lint issues. + + * Revert "Fixing ansible-lint issues." + + This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. + + * Removing old travis config. + + * Spacing issue fix. + + * Running tests on pull_request only. + + Co-authored-by: EmlynK + + * Cleaning variables to be generic and improving LDAP role handling. + + * Adding modified iam_alis module found on GitHub. + + * Adding management of IAM account alias. + + * Revert "Merge branch 'devel' into generate_saml_sso_requirements" + + This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing + changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. + + * Fixing conflict with ce-dev/README.md. + + * Adding a template for SimpleSAMLphp account SPs. + + * Renaming template file for SAML and adding an include file for SA… + + * Sudo fix pr devel (#983) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Opensearch pr devel (#985) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Adding new AWS OpenSearch role. + + * Adding new lines. + + * Le fixes pr devel (#988) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. + + * Hostname handling pr devel (#990) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. + + * Hostname handling pr devel (#992) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr devel (#993) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Read only efs handling pr devel (#995) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. + + * Read only efs handling pr devel (#997) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Read only efs handling pr devel (#997)" (#998) + + This reverts commit b46b3642320665f9647f87d4dba6bdf56c8d4125. + + * Revert "Read only efs handling pr devel (#995)" (#999) + + This reverts commit 02baa1c6635515a7fe6cf72721698b81f9906dc7. + + * Read only efs handling pr devel (#1001) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Read only efs handling pr devel (#1001) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Cloudwatch alarms pr devel (#1004) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. + + * Cloudwatch alarms pr devel (#1006) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr devel (#1008) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr devel (#1010) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Le reload on renew pr devel (#1012) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Ldap le group pr devel (#1014) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. + + * Improved rkhunter conf pr devel (#1016) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr devel (#1018) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * Rkhunter command pr devel (#1020) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command + + --------- + + Co-authored-by: Greg Harvey + + * Rkhunter command pr devel (#1023) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command + + * add_quotes + + --------- + + Co-authored-by: Greg Harvey + + * Bug fixes pr devel (#1024) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Bug fixes pr devel (#1026) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Bug fixes pr devel (#1027) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Bug fixes pr devel (#1028) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Bug fixes pr devel (#1031) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Bug fixes pr devel (#1033) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Bug fixes pr devel (#1036) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Bug fixes pr devel (#1039) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Bug fixes pr devel (#1040) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Bug fixes pr devel (#1041) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Bug fixes pr devel (#1042) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Bug fixes pr devel (#1043) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Bug fixes pr devel (#1044) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Bug fixes pr devel (#1046) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Bug fixes pr devel (#1051) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Lhci software versions pr devel (#1049) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Allowing setting of package versions for LHCI. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Fix pyyaml pr devel (#899) + + * Fixing PyYAML version issues with linters. + + * Tweaking order to ensure we have clean Ansible before we install other packages. + + * cloud-init needs to come from Apt. + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Removing leaked devel changes. + + * Removing leaked devel changes. + + --------- + + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + + * Optional linters pr devel (#1054) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + … + + * Bug fixes pr devel (#1056) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1058) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1060) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1062) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Pin community.aws to v5.5.0 (#1063) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set t… + + * Bug fixes pr devel (#1065) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1067) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * R65626 rkhunter ssh config pr devel (#1070) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because … + + * Tidying up task output pr devel (#1072) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of L… + + * Apt extra packages cache update change pr devel (#1074) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in… + + * R65886 unattended upgrades schedule conf pr devel (#1084) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role … + + * Ecs clusters pr devel (#1088) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * … + + * Update defaults pr devel (#1080) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + … + + * Check that vars_dirs locations exist devel (#1082) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI b… + + * Sudo ldap config pr devel (#1092) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + … + + * Ecs clusters pr devel (#1090) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * … + + * LDAP endpoints already contain protocol. (#1096) + + * Ecs clusters pr devel (#1095) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * … + + * Ecs clusters pr devel (#1100) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * … + + * Ecs clusters pr devel (#1102) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * … + + * Ecs clusters pr devel (#1103) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * … + + * Ecs clusters pr devel (#1104) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * … + + * Bug fixes pr devel (#1105) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * R65800 unpin boto3 version pr devel (#1107) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because … + + * Bug fixes pr devel (#1111) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1113) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1115) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1117) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1119) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1121) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1123) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1126) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1128) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1130) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1131) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1132) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1133) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * R66519 r66187 fix postfix transport map db pr devel (#1135) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta rol… + + * Bug fixes pr devel (#1137) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Bug fixes pr devel (#1140) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + *… + + * Vhosts handling pr devel (#1142) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + … + + * Opensearch fix pr devel (#1144) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + … + + * Opensearch fix3 pr devel (#1146) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + … + + * Opensearch fix4 pr devel (#1148) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + … + + * Bug fixes pr devel (#1151) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fi… + + * Bug fixes pr devel (#1152) + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing di… + + * Bug fixes pr devel (#1153) + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * … + + * Bug fixes pr devel (#1155) + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh … + + * Bug fixes pr devel (#1157) + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature bra… + + * Bug fixes pr devel (#1159) + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to… + + * Bug fixes pr devel (#1160) + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need … + + * Bug fixes pr devel (#1161) + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to … + + * r66647-changing-cloudalchemy-to-prometheus + + * Bug fixes pr devel (#1163) + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds.… + + * Bug fixes pr devel (#1166) + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + … + + * R65629 update cron reload to use full service binary path pr devel (#1167) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the … + + * Bug fixes pr devel (#1172) + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS AP… + + * Duplicity apt to pip install role pr devel (#1174) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI b… + + * We dont need to json filter anymore pr devel (#1177) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI… + + * Ansible 2.15.3 bug workaround attempt pr devel (#1179) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in … + + * Bug fixes pr devel (#1181) + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management … + + * Bug fixes pr devel (#1183) + + * Fixing pipefail linting issues. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Missed one! + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS … + + * Rkhunter pkgmgr pr devel (#1184) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + … + + * R66858 updating aws efs client to use correct variables pr devel (#1190) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the de… + + * Bug fixes pr devel (#1192) + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domai… + + * Bug fixes pr devel (#1193) + + * Moving executable to args. + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains … + + * Bug fixes pr devel (#1195) + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#676) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra opti… + + * Bug fixes pr devel (#1197) + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Remove alb healthchecks pr 1.x (#673) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + * Adding a 'repack' option for AMIs and ASGs. + + * Adding an option to force a Packer rebuild in an ASG. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#676) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string… + + * R57339 adding autodiscovery block in dupal common pr devel (#1199) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy m… + + * Bug fixes pr devel (#1201) + + * Bug fixes pr 1.x (#1057) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Bug fixes pr 1.x (#1059) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Update amazon.aws to 5.5.0. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * Upgrading to Debian 11 for new machines. (#1061) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Pin community.aws to v5.5.0 (#1064) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Bug fixes pr 1.x (#1066) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Bug fixes pr 1.x (#1068) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * R65626 rkhunter ssh config pr 1.x (#1071) + + * r65626 fix rkhunter config to match sshd_config + + * add Protocol var for ssh template + + * tidying_up_task_output (#1073) + + * apt_extra_packages_cache_update_change (#1075) + + * r65886 unattended-upgrades schedule refreshes (#1085) + + * Update defaults pr 1.x (#1081) + + * Fixing up ce-provision defaults to latest stable or LTS versions. + + * Updating docs. + + * Adding ElastiCache role and docs for rkhunter and sshd. (#1089) + + * Adding handling for /etc/sudo-ldap.conf. (#1093) + + * Check that vars_dirs locations exist. (#1083) + + * LDAP endpoints already contain protocol. (#1097) + + * Ecs clusters pr 1.x (#1091) + + * Adding ElastiCache role and docs for rkhunter and sshd. + + * Re-ordering main tasks into a logical sequence and adding ECS creation. + + * Double name accidentally introduced. + + * Ecs clusters pr 1.x (#1101) + + * Adding ElastiCache role and docs for rkhunter and sshd. + + * Re-ordering main tasks into a logical sequence and adding ECS creation. + + * Double name accidentally introduced. + + * AWS LC migration to launch templates. + + * Forgot to add region, profile and tags for Elasticache. + + * Elasticache plugin doesn't support tags. + + * Adding subnet group creation. + + * Adding TODO for future memcached handling. + + * Removing deprecated 'warn' arg from shell. + + * Bug fixes pr 1.x (#1106) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * unpin boto3 version but leave ensure present task for now (#1108) + + * Adding extra deploy perms for ECS and minor fixes. + + * Bug fixes pr 1.x (#1112) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * Bug fixes pr 1.x (#1114) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Bug fixes pr 1.x (#1116) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Bug fixes pr 1.x (#1118) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Bug fixes pr 1.x (#1120) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Bug fixes pr 1.x (#1122) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Bug fixes pr 1.x (#1124) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Bug fixes pr 1.x (#1127) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Bug fixes pr 1.x (#1129) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Adding new AWS OpenSearch role. (#986) + + * Adding new AWS OpenSearch role. + + * Adding new lines. + + * move transport and sasl_passwd db generation from handler to task (#1136) + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Bug fixes pr 1.x (#1138) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * Bug fixes pr 1.x (#1141) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * vhosts_handling (#1143) + + * vhosts_handling + + * opensearch typo fix + + * opensearch_fix (#1145) + + * fix policy file type (#1147) + + * opensearch_fix4 (#1149) + + * Supporting multiple LDAP servers for GitLab Premium. + + * Updating OpenSearch role docs. + + * Fix bug that causes plays with no directories provided to _init to fail. + + * Fixing variable for LDAP switch in Gitlab for CI builds. + + * Bug fixes pr 1.x (#1150) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * Supporting multiple LDAP servers for GitLab Premium. + + * Updating OpenSearch role docs. + + * Fix bug that causes plays with no directories provided to _init to fail. + + * Fixing variable for LDAP switch in Gitlab for CI builds. + + * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. + + * Seeing if a docker restart fixes DNS problems. + + * Adding a sudo to service restart. + + * Ensuring dnsmasq is present. + + * Using sudo for apt-get. + + * Adding Ansible verbosity and stopping resolved so dnsmasq can start. + + * apt needs resolved to fetch repos! + + * Playing with service order. + + * Commenting service handling. + + * Disabling GitLab tests. + + * Bug fixes pr 1.x (#1154) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * Supporting multiple LDAP servers for GitLab Premium. + + * Updating OpenSearch role docs. + + * Fix bug that causes plays with no directories provided to _init to fail. + + * Fixing variable for LDAP switch in Gitlab for CI builds. + + * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. + + * Seeing if a docker restart fixes DNS problems. + + * Adding a sudo to service restart. + + * Ensuring dnsmasq is present. + + * Using sudo for apt-get. + + * Adding Ansible verbosity and stopping resolved so dnsmasq can start. + + * apt needs resolved to fetch repos! + + * Playing with service order. + + * Commenting service handling. + + * Disabling GitLab tests. + + * Making requirements docs Debian version specific. + + * Bug fixes pr 1.x (#1156) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * Supporting multiple LDAP servers for GitLab Premium. + + * Updating OpenSearch role docs. + + * Fix bug that causes plays with no directories provided to _init to fail. + + * Fixing variable for LDAP switch in Gitlab for CI builds. + + * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. + + * Seeing if a docker restart fixes DNS problems. + + * Adding a sudo to service restart. + + * Ensuring dnsmasq is present. + + * Using sudo for apt-get. + + * Adding Ansible verbosity and stopping resolved so dnsmasq can start. + + * apt needs resolved to fetch repos! + + * Playing with service order. + + * Commenting service handling. + + * Disabling GitLab tests. + + * Making requirements docs Debian version specific. + + * Putting the ssh_server role higher up in meta plays. + + * Using jinja2 to set a default PermitRootLogin variable in rkhunter. + + * Missed an instance of galaxy management for ce_deploy. + + * Missed ANOTHER instance of galaxy management for ce_deploy. + + * Bug fixes pr 1.x (#1158) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * Supporting multiple LDAP servers for GitLab Premium. + + * Updating OpenSearch role docs. + + * Fix … + + * Bug fixes pr devel (#1203) + + * No loop for galaxy, so cannot use 'item'. + + * Bug fixes pr 1.x (#1059) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Update amazon.aws to 5.5.0. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * Upgrading to Debian 11 for new machines. (#1061) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Pin community.aws to v5.5.0 (#1064) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Bug fixes pr 1.x (#1066) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Bug fixes pr 1.x (#1068) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * R65626 rkhunter ssh config pr 1.x (#1071) + + * r65626 fix rkhunter config to match sshd_config + + * add Protocol var for ssh template + + * tidying_up_task_output (#1073) + + * apt_extra_packages_cache_update_change (#1075) + + * r65886 unattended-upgrades schedule refreshes (#1085) + + * Update defaults pr 1.x (#1081) + + * Fixing up ce-provision defaults to latest stable or LTS versions. + + * Updating docs. + + * Adding ElastiCache role and docs for rkhunter and sshd. (#1089) + + * Adding handling for /etc/sudo-ldap.conf. (#1093) + + * Check that vars_dirs locations exist. (#1083) + + * LDAP endpoints already contain protocol. (#1097) + + * Ecs clusters pr 1.x (#1091) + + * Adding ElastiCache role and docs for rkhunter and sshd. + + * Re-ordering main tasks into a logical sequence and adding ECS creation. + + * Double name accidentally introduced. + + * Ecs clusters pr 1.x (#1101) + + * Adding ElastiCache role and docs for rkhunter and sshd. + + * Re-ordering main tasks into a logical sequence and adding ECS creation. + + * Double name accidentally introduced. + + * AWS LC migration to launch templates. + + * Forgot to add region, profile and tags for Elasticache. + + * Elasticache plugin doesn't support tags. + + * Adding subnet group creation. + + * Adding TODO for future memcached handling. + + * Removing deprecated 'warn' arg from shell. + + * Bug fixes pr 1.x (#1106) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * unpin boto3 version but leave ensure present task for now (#1108) + + * Adding extra deploy perms for ECS and minor fixes. + + * Bug fixes pr 1.x (#1112) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * Bug fixes pr 1.x (#1114) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Bug fixes pr 1.x (#1116) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Bug fixes pr 1.x (#1118) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Bug fixes pr 1.x (#1120) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Bug fixes pr 1.x (#1122) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Bug fixes pr 1.x (#1124) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Bug fixes pr 1.x (#1127) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Bug fixes pr 1.x (#1129) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Adding new AWS OpenSearch role. (#986) + + * Adding new AWS OpenSearch role. + + * Adding new lines. + + * move transport and sasl_passwd db generation from handler to task (#1136) + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Bug fixes pr 1.x (#1138) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * Bug fixes pr 1.x (#1141) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * vhosts_handling (#1143) + + * vhosts_handling + + * opensearch typo fix + + * opensearch_fix (#1145) + + * fix policy file type (#1147) + + * opensearch_fix4 (#1149) + + * Supporting multiple LDAP servers for GitLab Premium. + + * Updating OpenSearch role docs. + + * Fix bug that causes plays with no directories provided to _init to fail. + + * Fixing variable for LDAP switch in Gitlab for CI builds. + + * Bug fixes pr 1.x (#1150) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * Supporting multiple LDAP servers for GitLab Premium. + + * Updating OpenSearch role docs. + + * Fix bug that causes plays with no directories provided to _init to fail. + + * Fixing variable for LDAP switch in Gitlab for CI builds. + + * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. + + * Seeing if a docker restart fixes DNS problems. + + * Adding a sudo to service restart. + + * Ensuring dnsmasq is present. + + * Using sudo for apt-get. + + * Adding Ansible verbosity and stopping resolved so dnsmasq can start. + + * apt needs resolved to fetch repos! + + * Playing with service order. + + * Commenting service handling. + + * Disabling GitLab tests. + + * Bug fixes pr 1.x (#1154) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * Supporting multiple LDAP servers for GitLab Premium. + + * Updating OpenSearch role docs. + + * Fix bug that causes plays with no directories provided to _init to fail. + + * Fixing variable for LDAP switch in Gitlab for CI builds. + + * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. + + * Seeing if a docker restart fixes DNS problems. + + * Adding a sudo to service restart. + + * Ensuring dnsmasq is present. + + * Using sudo for apt-get. + + * Adding Ansible verbosity and stopping resolved so dnsmasq can start. + + * apt needs resolved to fetch repos! + + * Playing with service order. + + * Commenting service handling. + + * Disabling GitLab tests. + + * Making requirements docs Debian version specific. + + * Bug fixes pr 1.x (#1156) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * Supporting multiple LDAP servers for GitLab Premium. + + * Updating OpenSearch role docs. + + * Fix bug that causes plays with no directories provided to _init to fail. + + * Fixing variable for LDAP switch in Gitlab for CI builds. + + * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. + + * Seeing if a docker restart fixes DNS problems. + + * Adding a sudo to service restart. + + * Ensuring dnsmasq is present. + + * Using sudo for apt-get. + + * Adding Ansible verbosity and stopping resolved so dnsmasq can start. + + * apt needs resolved to fetch repos! + + * Playing with service order. + + * Commenting service handling. + + * Disabling GitLab tests. + + * Making requirements docs Debian version specific. + + * Putting the ssh_server role higher up in meta plays. + + * Using jinja2 to set a default PermitRootLogin variable in rkhunter. + + * Missed an instance of galaxy management for ce_deploy. + + * Missed ANOTHER instance of galaxy management for ce_deploy. + + * Bug fixes pr 1.x (#1158) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * Supporting multiple LDAP servers for GitLab Premium. + + * Updating OpenSearch role docs. + + * Fix bug that causes plays with no directories provided to _init to fail. + + * Fixing variable for LDAP switch in Gitlab for CI builds. + + * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. + + * Seeing if a docker restart fixes DNS problems. + + * Adding a sudo to service restart. + + * Ensuring dnsmasq is present. + + * Using sudo for apt-get. + + * Adding Ansible verbosity and stopping resolved so dnsmasq can start. + + * apt needs resolved to fetch repos! + + * Playing with service order. + + * Commenting service handling. + + * Disabling GitLab tests. + + * Making requirements docs Debian version specific. + + * Putting the ssh_server role higher up in meta plays. + + * Using jinja2 to set a default PermitRootLogin variable in rkhunter. + + * Missed an instance of galaxy management for ce_deploy. + + * Missed ANOTHER instance of galaxy management for ce_deploy. + + * Updating autoscale docs and adding ansible.windows collection for Wazuh. + + * Bug fixes pr 1.x (#1164) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + … + + * Nginx css js handling for drupal10 pr devel (#1205) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI … + + * Nginx css js handling for drupal10 pr devel (#1207) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI … + + * Organizing nginx config pr devel (#1208) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of … + + * Drupal10 nginx rule order fix pr devel (#1210) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) + + * Sudo fix pr 1.x (#984) + + * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 + + * Making sudo_config role more flexible. + + * Improving nginx docs post-training. + + * Updating documentation files. + + * Minor LE SSL docs changes. (#989) + + * Adding the ability to set system hostname to hosts role. (#991) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Hostname handling pr 1.x (#994) + + * Adding the ability to set system hostname to hosts role. + + * Removing trailing space. + + * Adding new line at end of mailname.j2. + + * Adding the option to search for EFS file systems by ID. (#996) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) + + This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. + + * Read only efs handling pr 1.x (#1002) + + * Adding the option to search for EFS file systems by ID. + + * Slight EFS docs update. + + * Updating EFS docs. + + * Adding note on how to find creation_token. + + * Allowing empty lists for RDS cloudwatch alarms. (#1005) + + * Cloudwatch alarms pr 1.x (#1007) + + * Allowing empty lists for RDS cloudwatch alarms. + + * Removing presumption of AWS from gitlab_runner role. + + * Bug fixes pr 1.x (#1009) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Bug fixes pr 1.x (#1011) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) + + * Adding reload option for LetsEncrypt renewal. (#1013) + + * Adding reload option for LetsEncrypt renewal. + + * (Hopefully) fixing linting. + + * Missed a 'run' line. + + * Improved rkhunter conf pr 1.x (#1017) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Improved rkhunter conf pr 1.x (#1019) + + * Adding more variables for better control of rkhunter config. + + * Adding rkhunter docs. + + * Removing unnecessary quotes. + + * Defaulting automated rkhunter updates after apt runs. + + * rkhunter_web_command (#1021) + + * rkhunter_web_command + + * add_quotes + + * Bug fixes pr 1.x (#1025) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Bug fixes pr 1.x (#1032) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Bug fixes pr 1.x (#1034) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Bug fixes pr 1.x (#1037) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Bug fixes pr 1.x (#1045) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Bug fixes pr 1.x (#1047) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Bug fixes pr 1.x (#1052) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Allowing setting of package versions for LHCI. (#1050) + + * Fix pyyaml pr 1.x (#1053) + + * 58848 apache role pr devel (#668) + + * adding apache role + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Fixing some conf and vhost errors. + + * Removing empty line in gitlab_runner tasks. + + * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. + + Co-authored-by: Jean Pierre Dentone + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#669) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#671) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Remove alb healthchecks pr devel (#672) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Gitlab runner service override pr 1.x (#591) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI because of LDAP. + + * Changing dir perms and adding a force. + + * Debugging gitlab-runner directory creation issues in CI. + + * Fixing linting error. + + * Removing verbosity again but leaving 'stat' command in. + + * Pass db_cluster_identifier for RDS instance during ASG build (#600) + + * Pass RDS db_cluster_identifier, if present, during an ASG build. + + * Use correct variable name for RDS db_cluster_identifier. + + * Add a commented variable to ASG role for db_cluster_identifier so it's documented. + + * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) + + * Removing obsolete MySQL config option log_syslog from template. (#607) + + * GitHub Actions - Rebuilt documentation. (#536) + + Co-authored-by: Code Enigma CI + + * Consistent default region pr 1.x (#611) + + * Moving all region settings to _aws_region var and adding README update. + + * Documentation update. + + * No need for region, IAM SAML setup is global, (#617) + + * Support ebs encryption pr 1.x (#609) + + * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. + + * Setting more sane default instance sizes. + + * Adding more EBS options for ASGs. + + * Setting encryption to match AMI settings. + + * Setting encryption to match AMI settings. + + * We also need to dynamically set the ASGs own encrypt_boot var. + + * We need to merge the new branch changes before we can rebuild the docs. + + * Fixing merge command in CI. + + * Not sure toc.sh is actually executing. + + * Refactoring encrypt EBS flags to avoid detected loop condition in vars. + + * Safer CI, only adds .md files. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying to figure out CI logic for building docs. + + * Trying adding a git pull. + + * Setting git pull config options. + + * Reordering things. + + * Adding --allow-unrelated-histories to the git pull. + + * Trying a feature branch approach. + + * Forcing the GitHub action to fetch all git history. + + * Bad whitespace, naughty whitespace. + + * Trying a different PR action. + + * Do not merge the branch in, we only want the markdown changes. + + * Keeping the documentation branch clean. + + * We need to push a detached HEAD. + + * Do we need the checkout at all? + + * Adding a docs pull. + + * Allow install|update scripts in Drupal8+ (#599) + + * Add some flexibility to Packer (#633) + + * Add ability to pass on-error and force to Packer. + + * Add new Packer options to the ASG role as well. + + * Packer build options need to be declared before the file that is being built. + + * Allow Packer ssh_username to be set. + + * Making PHP >= 8.0 compatible (#634) + + * Packer VPC filtering (#638) + + * Add ability to set vpc_filter and subnet AZ for Packer builds. + + * Add fqcn-builtins to .ansible-lint warn_list for now. + + * GitHub Actions seemingly ignores warn_list. + + * Use simplified variables for Packer VPC stuff. + + * Only use one filter when filtering VPCs for Packer. + + * Cert management pr 1.x (#640) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Cert management pr 1.x (#642) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * Cert management pr 1.x (#644) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Cert management pr 1.x (#647) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Fix Nginx auth_message in vhost (#653) + + * Revert auth_message change in Nginx role for now. + + * Revert "Revert auth_message change in Nginx role for now." + + This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. + + * Add default for Nginx auth_message. + + * Cert management pr 1.x (#655) + + * Making sure we can't accidentally commit AWS API credentials. + + * Initial commit of ACM role. + + * Only pause for a get-certificate call if we want to export. + + * Updating docs. + + * Missed a couple of variables to update. + + * We cannot rely on the variable being nonexistent here. + + * Allowing ce-provision to set the basic auth message for Nginx. + + * Supporting SAN certs and tags on ACM certificates. + + * Fixing namespacing. + + * Auto-generating SSL certs for ALB and CloudFront. + + * More namespace fixes. + + * Fixing CI issue with missing AWS region var. + + * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. + + * Adding public IP option to LC config for ASGs. + + * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. + + * Fixing mistake in domains set_fact. + + * Fixing AnsibleUndefined bug caused by skipped task. + + * Handling multiple domain validations for SAN certs. + + * Fixing bad variable name. + + * Fixing ASG DNS entries so it adds entries for SAN cert domains too. + + * For DNS validation we should not use --domain-validation-options at all. + + * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. + + * Bad dict structure. + + * Improving multi domain handling for ASG DNS. + + * Supporting multiple CloudFront aliases for an ASG. + + * Adding options to disable sign-up, sign-in and private projects. (#663) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making ALB healthchecks optional and defaulting to disabled. (#670) + + * Making ALB healthchecks optional and defaulting to disabled. + + * Defaulting back to ELB health checks. + + * Making sure new clusters won't fail because no ALB yet. + + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + + * Ami repack option pr devel (#674) + + * GitHub Actions - Rebuilt documentation. + + * Need to check if is_local is defined in webserver meta dependencies. (#522) + + * Ce dev refactor pr 1.x (#518) + + * Making it easier to test with provision-target and ce-dev. + + * Moving the provision forcing var back to plays so _init has it. + + * Adding defaults vars and test script extra options. + + * Adding a web server test to CI. + + * examples string needs to be in quotes. + + * Making sure is_local and _ce_provision_force_play are available to the _init role. + + * Adding SSH keys to the provision user. + + * Adding a --force to the test script. + + * Explicitly adding vars to role. + + * Fixing _init behaviour and adding SSH key for web role. + + * Setting default PHP version to 7.4. + + * Looking up the generated ce-dev SSH key instead of hard-coding one. + + * We cannot run the ssh_server role locally, so excluding for tests of webserver role. + + * Trying to remove user_root.yml in case it's breaking CI. + + * Adding a verbose mode to the test script. + + * Exposing the command in the test script. + + * Trying hard-coded keys again. + + * Changing location of data dir for test containers. + + * Putting vars back and restricting CI to the 'web' example. + + * Adding backup handling to ldap_server. (#525) + + * Adding backup handling to ldap_server. + + * Improving SSL docs and handling perms for openldap and letsencrypt. + + * Cron user must be specified with file. + + * Running as root, do not need a 'sudo' in this cron. + + * Allowing 'gitLab' to disable Prometheus. (#530) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * GitHub Actions - Rebuilt documentation. (#526) + + Co-authored-by: Code Enigma CI + + * Prometheus pr 1.x (#533) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Add private files support for Drupal in Nginx. (#535) + + * Prometheus pr 1.x (#539) + + * Allowing 'gitLab' to disable Prometheus. + + * Booleans to use in jinja2 as strings must be cast as strings. + + * Tidying up CI and adding a GitLab test. + + * Fixing CI job description. + + * Adding a firewall config preset to open port 80 for LetsEncrypt. + + * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) + + * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) + + This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. + + * Backing out of Packer logging. + + * Moving key servers to a variable so we can set them. (#555) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Adding a reboot option to the patching role. (#557) + + * Add minimal support for Aurora RDS instances (#567) + + * Attempt to create an RDS read replica. + + * Use new task to create Aurora RDS instances. + + * Try and fix linting issues. + + * Don't pass max_storage variable for Aurora instances. + + * Remove more storage related vars from Aurora RDS instance creation task. + + * Add profile and region to read replica creation. + + * Try creating the Aurora read replica another way. + + * Add some debug info. + + * Work around the silly registering of variables in Ansible. + + * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. + + * Add some Aurora info to aws_rds README file. + + * Use reader instead of replica for Aurora readers. + + * Remove db_cluster_identifier variable from non-Aurora RDS task. + + * Gpg servers fix pr 1.x (#571) + + * Moving key servers to a variable so we can set them. + + * Allowing us to disable sending keys completely. + + * Oops, doubled up on existing functionality. + + * Fixing var name. + + * Using a pipe to grep with 'command' cannot work, refactoring. + + * Making CI use the meta deploy role to test gitlab. + + * We mustn't assume AWS servers for deploy and controller. + + * Support termination protection in EC2. (#573) + + * Support termination protection in EC2. + + * Fixing CI vars. + + * Fixing CI vars. + + * Fix managed SSL key perms and the variable used for the private key. (#575) + + * Ec2 subnet lookup pr 1.x (#583) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Ec2 subnet lookup pr 1.x (#589) + + * First pass at EC2 subnet detection. + + * Touching subnet file to ensure it exists. + + * Trying a different approach, file module didn't work. + + * Switching back to file module. + + * We need to create the directory for new servers too. + + * Bad variable name. + + * Changing subnet lookup order to check for defined subnet first. + + * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) + + * Fixing gitlab-runner overriders so upgrades do not break the runner. + + * Fixing override file template. + + * Hopefully fixing CI. + + * Making sure the service directory exists. + + * We cannot use the deploy meta role in CI becau… + + * Bug fixes pr devel (#1212) + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * Upgrading to Debian 11 for new machines. (#1061) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Pin community.aws to v5.5.0 (#1064) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Bug fixes pr 1.x (#1066) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Bug fixes pr 1.x (#1068) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * R65626 rkhunter ssh config pr 1.x (#1071) + + * r65626 fix rkhunter config to match sshd_config + + * add Protocol var for ssh template + + * tidying_up_task_output (#1073) + + * apt_extra_packages_cache_update_change (#1075) + + * r65886 unattended-upgrades schedule refreshes (#1085) + + * Update defaults pr 1.x (#1081) + + * Fixing up ce-provision defaults to latest stable or LTS versions. + + * Updating docs. + + * Adding ElastiCache role and docs for rkhunter and sshd. (#1089) + + * Adding handling for /etc/sudo-ldap.conf. (#1093) + + * Check that vars_dirs locations exist. (#1083) + + * LDAP endpoints already contain protocol. (#1097) + + * Ecs clusters pr 1.x (#1091) + + * Adding ElastiCache role and docs for rkhunter and sshd. + + * Re-ordering main tasks into a logical sequence and adding ECS creation. + + * Double name accidentally introduced. + + * Ecs clusters pr 1.x (#1101) + + * Adding ElastiCache role and docs for rkhunter and sshd. + + * Re-ordering main tasks into a logical sequence and adding ECS creation. + + * Double name accidentally introduced. + + * AWS LC migration to launch templates. + + * Forgot to add region, profile and tags for Elasticache. + + * Elasticache plugin doesn't support tags. + + * Adding subnet group creation. + + * Adding TODO for future memcached handling. + + * Removing deprecated 'warn' arg from shell. + + * Bug fixes pr 1.x (#1106) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * unpin boto3 version but leave ensure present task for now (#1108) + + * Adding extra deploy perms for ECS and minor fixes. + + * Bug fixes pr 1.x (#1112) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * Bug fixes pr 1.x (#1114) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Bug fixes pr 1.x (#1116) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Bug fixes pr 1.x (#1118) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Bug fixes pr 1.x (#1120) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Bug fixes pr 1.x (#1122) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Bug fixes pr 1.x (#1124) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Bug fixes pr 1.x (#1127) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Bug fixes pr 1.x (#1129) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Adding new AWS OpenSearch role. (#986) + + * Adding new AWS OpenSearch role. + + * Adding new lines. + + * move transport and sasl_passwd db generation from handler to task (#1136) + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Bug fixes pr 1.x (#1138) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * Bug fixes pr 1.x (#1141) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * vhosts_handling (#1143) + + * vhosts_handling + + * opensearch typo fix + + * opensearch_fix (#1145) + + * fix policy file type (#1147) + + * opensearch_fix4 (#1149) + + * Supporting multiple LDAP servers for GitLab Premium. + + * Updating OpenSearch role docs. + + * Fix bug that causes plays with no directories provided to _init to fail. + + * Fixing variable for LDAP switch in Gitlab for CI builds. + + * Bug fixes pr 1.x (#1150) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * Supporting multiple LDAP servers for GitLab Premium. + + * Updating OpenSearch role docs. + + * Fix bug that causes plays with no directories provided to _init to fail. + + * Fixing variable for LDAP switch in Gitlab for CI builds. + + * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. + + * Seeing if a docker restart fixes DNS problems. + + * Adding a sudo to service restart. + + * Ensuring dnsmasq is present. + + * Using sudo for apt-get. + + * Adding Ansible verbosity and stopping resolved so dnsmasq can start. + + * apt needs resolved to fetch repos! + + * Playing with service order. + + * Commenting service handling. + + * Disabling GitLab tests. + + * Bug fixes pr 1.x (#1154) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * Supporting multiple LDAP servers for GitLab Premium. + + * Updating OpenSearch role docs. + + * Fix bug that causes plays with no directories provided to _init to fail. + + * Fixing variable for LDAP switch in Gitlab for CI builds. + + * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. + + * Seeing if a docker restart fixes DNS problems. + + * Adding a sudo to service restart. + + * Ensuring dnsmasq is present. + + * Using sudo for apt-get. + + * Adding Ansible verbosity and stopping resolved so dnsmasq can start. + + * apt needs resolved to fetch repos! + + * Playing with service order. + + * Commenting service handling. + + * Disabling GitLab tests. + + * Making requirements docs Debian version specific. + + * Bug fixes pr 1.x (#1156) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * Supporting multiple LDAP servers for GitLab Premium. + + * Updating OpenSearch role docs. + + * Fix bug that causes plays with no directories provided to _init to fail. + + * Fixing variable for LDAP switch in Gitlab for CI builds. + + * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. + + * Seeing if a docker restart fixes DNS problems. + + * Adding a sudo to service restart. + + * Ensuring dnsmasq is present. + + * Using sudo for apt-get. + + * Adding Ansible verbosity and stopping resolved so dnsmasq can start. + + * apt needs resolved to fetch repos! + + * Playing with service order. + + * Commenting service handling. + + * Disabling GitLab tests. + + * Making requirements docs Debian version specific. + + * Putting the ssh_server role higher up in meta plays. + + * Using jinja2 to set a default PermitRootLogin variable in rkhunter. + + * Missed an instance of galaxy management for ce_deploy. + + * Missed ANOTHER instance of galaxy management for ce_deploy. + + * Bug fixes pr 1.x (#1158) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto role to set version. + + * Updating Packer version and adding README. + + * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. + + * Making different tasks for pip3 per OS version. + + * Trying to install with pip3 and become: false. + + * Revert "Trying to install with pip3 and become: false." + + This reverts commit a47fdc72482ac6410956214113b173c760097421. + + * Installing nginx and mysql requirements for Python from apt in Debian 12. + + * Casting Linux major version as an int for comparison. + + * Only set cron updates for older Debian where pip3 is installed manually. + + * Adding README to boto3 role. + + * Some naming tidying up. + + * Preparing ldap_server role for Debian 12. + + * Preparing ansible role to work with Debian 12. + + * Ensuring cloud-init exists on EC2 instances. + + * Preparing ce_provision role for Debian 12. + + * Do not need extra pip3 lines now. + + * Tabbing error. + + * Restricting roles installed in containers. + + * Removing the build docs step so we just publish. + + * Adding AWS OpenSearch role docs. + + * Removing whitespace differences. + + * Adding bsd-mailx package to common_base so we always have the 'mail' command. + + * Supporting multiple LDAP servers for GitLab Premium. + + * Updating OpenSearch role docs. + + * Fix bug that causes plays with no directories provided to _init to fail. + + * Fixing variable for LDAP switch in Gitlab for CI builds. + + * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. + + * Seeing if a docker restart fixes DNS problems. + + * Adding a sudo to service restart. + + * Ensuring dnsmasq is present. + + * Using sudo for apt-get. + + * Adding Ansible verbosity and stopping resolved so dnsmasq can start. + + * apt needs resolved to fetch repos! + + * Playing with service order. + + * Commenting service handling. + + * Disabling GitLab tests. + + * Making requirements docs Debian version specific. + + * Putting the ssh_server role higher up in meta plays. + + * Using jinja2 to set a default PermitRootLogin variable in rkhunter. + + * Missed an instance of galaxy management for ce_deploy. + + * Missed ANOTHER instance of galaxy management for ce_deploy. + + * Updating autoscale docs and adding ansible.windows collection for Wazuh. + + * Bug fixes pr 1.x (#1164) + + * Fixing shell issues with new runners. + + * Putting quotes around basic auth password file for Nginx. + + * Must not surround SAN cert names with quotes for ACM. + + * Some LDAP services might not necessarily be there. + + * MySQL Server key out of date, moving to variable. + + * Incorrect MySQL repo key. + + * Trying a different key server. + + * Loading service information into ansible_facts. + + * Fixing vhost template bug that breaks LE. + + * Excluding firewall from container builds. + + * Fixing linting errors. + + * Trying to fix linter paths. + + * Removing trailing space in unattended-upgrades. + + * Fixing ansible.builtin namespacing for linting. + + * Fixing key-order linting issue in _init. + + * Got 'when' and 'block' the wrong way around. + + * One last ansible.builtin issue. + + * Fixing jinja in when. + + * Switching ignore_errors for failed_when. + + * Adding auto-upgrade cron to pip and ansible. + + * Create cron jobs to upgrade mandatory Galaxy collections. + + * Adding defaults for package upgrades. + + * Minor bug fix in galaxy handling. + + * Make sure we install galaxy collections as the controller user. + + * Literals need a double slash. + + * Adding Galaxy upgrades to ce-deploy as well. + + * Fixing inconsistent requirements.yml format for ce_deploy. + + * Fixing pipefail linting issues. + + * Missed one! + + * Adding executable to shell commands with pipefail set. + + * Moving executable to args. + + * Moving ansible-lint run to latest Ubuntu. + + * Trying the full Ansible namespace for ipsubnet() filter. + + * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. + + * Applying same galaxy changes to ce-provision. + + * No loop for galaxy, so cannot use 'item'. + + * Officially defaulting to Debian 11 (bullseye) for new machines. + + * Upgrading amazon.aws to v5.5.0 in ce-deploy. + + * community.aws also needs pinning at version 5.5.0. + + * Adding week day support to clamscan cron. + + * Updating docs. + + * Supporting cron weekday for LetsEncrypt. + + * Removing deprecated 'warn' arg from shell. + + * Adding extra deploy perms for ECS and minor fixes. + + * No sense in building CF aliases if we do not need them. + + * Too many 'whens'. + + * ECR module missing vital params. + + * Failing because of undefined facts. + + * Making SimpleSAMLphp SP names more readable. + + * Fixing composer install bug introduced upstream, version param changed. + + * Docs update and supporting multiple LDAP TLS connections. + + * Forgot to add cert check var to pam_ldap. + + * Ensuring we benefit from latest 5.5.x AWS collections. + + * Allowing the python_boto … + + * Refactoring entire role structure. + + * Moving the wazuh role to debian packages. + + * Updating location of wazuh roles. + + * Migrating cron to systemd timers for ce_provision. + + * Migrating LE cron to systemd timer. + + * Updated docs. + + * Removing last cron mentions from ssl README. + + * Updated docs. + + * Migrating ldap_server role to using sysmtemd timer for backups. + + * Moving ossec-server to using systemd timers instead of cron. + + * New IAM fine-grained policies for AWS billing access. + + * Moving jenkins key renewal daily cron to a systemd timer. + + * Removing obsolete version-specific ansible tasks. + + * Moving Duplicity nightly backup job to a systemd timer. + + * Migrating clamav cron job to a systemd timer. + + * Documentation update. + + * Adding a systemd timer to upgrade Ansible. + + * Migrating ce_deploy role to venv and systemd timers. + + * Updating ce-dev config for 2.x dev. + + * Temporarily adding roles/ce_provision to .gitignore. + + --------- + + Co-authored-by: nfawbert <62660788+nfawbert@users.noreply.github.com> + Co-authored-by: Code Enigma CI + Co-authored-by: EmlynK + Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> + Co-authored-by: Dionisio + Co-authored-by: pascal + Co-authored-by: Jamie Wiseman + Co-authored-by: mdecorniquet <43240244+mdecorniquet@users.noreply.github.com> + Co-authored-by: Matthieu Decorniquet + Co-authored-by: Dionisio + Co-authored-by: Jean Pierre Dentone + Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> + Co-authored-by: tim + Co-authored-by: Nick Fawbert + Co-authored-by: Miro Michalicka + Co-authored-by: Miro Michalicka + Co-authored-by: Matej Stajduhar + Co-authored-by: Sunil Odedra <122627205+sunilodedra@users.noreply.github.com> + Co-authored-by: Sunny + Co-authored-by: drazenCE <140631110+drazenCE@users.noreply.github.com> + Co-authored-by: Matej Štajduhar <30931414+matej5@users.noreply.github.com> diff --git a/roles/debian/nginx/templates/nginx.conf.j2 b/roles/debian/nginx/templates/nginx.conf.j2 index 212b794a2..9d998313f 100644 --- a/roles/debian/nginx/templates/nginx.conf.j2 +++ b/roles/debian/nginx/templates/nginx.conf.j2 @@ -43,9 +43,9 @@ http { ssl_protocols {{ nginx.http.ssl_protocols }}; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; - {% if nginx.ssl_ciphers is defined and nginx.ssl_ciphers|length > 0 %} + {%- if nginx.ssl_ciphers is defined and nginx.ssl_ciphers|length > 0 %} ssl_ciphers {{ nginx.ssl_ciphers | join(':') }}; - {% endif %} + {%- endif %} ## # Logging Settings ## From 85dffe6dcd918b9365af9393293d8e23e52db2cb Mon Sep 17 00:00:00 2001 From: Drazen Date: Tue, 7 Oct 2025 16:18:52 +0200 Subject: [PATCH 2/3] Ciphers-change-nginx-template --- big_commit.txt | 488289 ---------------------------------------------- 1 file changed, 488289 deletions(-) delete mode 100644 big_commit.txt diff --git a/big_commit.txt b/big_commit.txt deleted file mode 100644 index 93c8635ac..000000000 --- a/big_commit.txt +++ /dev/null @@ -1,488289 +0,0 @@ -commit 6376946df44cbe4b672815b3bb69529acab05c17 -Author: Greg Harvey -Date: Fri Nov 10 14:20:59 2023 +0100 - - Devel 2.x (#1216) - - * R62347 fix postfix mail delivery pr devel (#791) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an includ… - - * Awscli version support pr devel (#793) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for… - - * Pin aws collection version pr devel (#796) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file… - - * Fix ce provision vars pr devel (#798) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for … - - * First attempt at an ELB role (#800) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SA… - - * Aws lb role pr devel (#801) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admin… - - * Fix debian release issues pr devel (#802) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file … - - * Linting fixes pr devel (#804) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML adm… - - * Aws lb role pr devel (#806) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admin… - - * Aws lb role pr devel (#807) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admin… - - * Linting fixes pr devel (#808) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML adm… - - * Aws lb role pr devel (#809) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admin… - - * Aws lb role pr devel (#810) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admin… - - * Aws lb role pr devel (#811) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admin… - - * Aws lb role pr devel (#812) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admin… - - * Linting fixes pr devel (#813) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML adm… - - * Aws lb role pr devel (#815) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admin… - - * Apache nginx tweaks pr devel (#817) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SA… - - * Asg no alb pr devel (#820) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins… - - * Ipv6 support pr devel (#822) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admi… - - * Ipv6 support pr devel (#823) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admi… - - * Ipv6 support pr devel (#824) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admi… - - * Ipv6 support pr devel (#825) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admi… - - * Ipv6 support pr devel (#826) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admi… - - * Ipv6 support pr devel (#827) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admi… - - * Ipv6 support pr devel (#828) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admi… - - * Ipv6 support pr devel (#829) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admi… - - * Linting fixes pr devel (#831) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML adm… - - * Ipv6 support pr devel (#833) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admi… - - * Ipv6 support pr devel (#834) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admi… - - * Npm support pr devel (#836) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admin… - - * Npm support pr devel (#837) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admin… - - * User deploy key fix pr devel (#839) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SA… - - * Support private keys pr devel (#841) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for S… - - * Support private keys pr devel (#843) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for S… - - * Support private keys pr devel (#844) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for S… - - * Support private keys pr devel (#845) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for S… - - * Support private keys pr devel (#847) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for S… - - * Aws cli for ce roles pr devel (#848) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for S… - - * Efs role namespacing pr devel (#850) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for S… - - * Efs role namespacing pr devel (#852) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for S… - - * Make nginx ssl protocols modifiable pr devel (#853) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an inc… - - * Opcache vars pr devel (#854) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admi… - - * Namespacing fixes pr devel (#857) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Suppress ec2 creation pr devel (#867) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for … - - * Suppress ec2 creation pr devel (#869) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for … - - * Suppress ec2 creation pr devel (#870) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for … - - * Suppress ec2 creation pr devel (#871) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for … - - * Remove eip plugin pr devel (#795) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Linting fixes pr devel (#874) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML adm… - - * Namespacing fixes pr devel (#877) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Namespacing fixes pr devel (#879) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Namespacing fixes pr devel (#881) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Namespacing fixes pr devel (#883) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Namespacing fixes pr devel (#885) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Namespacing fixes pr devel (#886) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Namespacing fixes pr devel (#888) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Mysql client options pr devel (#890) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for S… - - * Mysql client options pr devel (#893) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for S… - - * Ec2 instance refresh pr devel (#895) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for S… - - * Clamav cron pr devel (#898) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admin… - - * Clamav cron pr devel (#901) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admin… - - * Clamav cron pr devel (#902) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admin… - - * Clamav cron pr devel (#903) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admin… - - * Mattermost config pr devel (#904) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Mattermost config pr devel (#907) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Mattermost config pr devel (#909) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Mattermost config pr devel (#910) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Mattermost config pr devel (#911) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Mattermost config pr devel (#913) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Mattermost config pr devel (#915) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Mattermost config pr devel (#917) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Sl le flags pr devel (#919) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admin… - - * Mattermost config pr devel (#921) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML… - - * Apache role files block pr devel (#926) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file fo… - - * Fixed apache role files block pr devel (#928) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include f… - - * Lhci: Debian backports only for Buster (#897) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include f… - - * R64279 fix nsswitch template pr devel (#929) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include fi… - - * R64239 disable nginx version in headers pr devel (#932) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an… - - * Ec2 instance refresh pr devel (#936) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for S… - - * Remove opcache pr devel (#934) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML ad… - - * Set python version pr devel (#938) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAM… - - * Set python version pr devel (#940) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAM… - - * Set python version pr devel (#941) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAM… - - * Wazuh pr devel (#943) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - … - - * Wazuh pr devel (#945) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - … - - * Wazuh pr devel (#946) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - … - - * Wazuh pr devel (#947) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - … - - * Wazuh pr devel (#948) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - … - - * Wazuh pr devel (#949) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - … - - * Wazuh pr devel (#950) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - … - - * Wazuh pr devel (#951) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - … - - * R64516 give nginx time to stop before certbot pr devel (#953) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and add… - - * Wazuh pr devel (#955) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - … - - * Undoing PR #542. - - * Wazuh pr devel (#957) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - … - - * R62850 install procmail pr devel (#958) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file fo… - - * Fix ci and docs pr devel (#960) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML a… - - * Sudo role pr devel (#962) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins.… - - * Sudo role pr devel (#964) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins.… - - * Sudo role pr devel (#966) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins.… - - * Sudo role pr devel (#968) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins.… - - * Unattended upgrades pr devel (#970) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SA… - - * Unattended upgrades pr devel (#972) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SA… - - * Unattended upgrades pr devel (#973) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SA… - - * Unattended upgrades pr devel (#974) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SA… - - * Unattended upgrades pr devel (#975) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SA… - - * Unattended upgrades pr devel (#976) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SA… - - * Unattended upgrades pr devel (#977) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SA… - - * Unattended upgrades pr devel (#978) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SA… - - * Sudo fix pr devel (#981) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - … - - * Unattended upgrades pr devel (#979) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Allow user to set cachetool version in the opcache role. (#665) - - * Allow user to set cachetool version in the opcache role. - - * Adding a comment for a future improvement. - - * Adding a 'repack' option for AMIs and ASGs. (#675) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Ami repack option pr 1.x (#707) - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - * Fixing EC2 instance look-up to use cluster name. - - * Separating AMI provisioning tasks into a tasks file that can be included. - - * Refactoring AMI operation to allow current behaviour to remain default. - - * Trying to delegate tasks to target repack instance. - - * Switching from import_tasks to include_tasks. - - * Fixing the instance DNS name var. - - * Changing approach to make a standalone machine to generate AMI from. - - * Gah! Typo! - - * AMI generation requires region and profile. - - * Didn't wrap instance_id lookup properly. - - * Fixing some missing namespaces. - - * Missed a bad var when fixing. - - * Adding full set of variables for EC2 instance. - - * Fixing AWS SSH key name. - - * Decided not to use the EC2 + EIP role. - - * Trying to add a pause after instance launch. - - * Passing the target branch to Ansible as a var. - - * Support absolute paths to playbooks. - - * Refactoring to make ce-provision call itself for AMI packing tasks. - - * Doubled up the script path. - - * Switching to base dir var for ce-provision call. - - * Moving temp EC2 instances for AMI creation to subnet with IGW. - - * State of EC2 instance needs to be started instead of running. - - * We need to delete the AMI we created before making another one. - - * Refactoring AMI repack variables for readability and removing volume size. - - * Missed a refactored var. - - * Defending against AMI volume size issues for ASGs. - - * Refactoring extra vars handling. - - * For some reason Packer seems to double the brackets. - - * Revert "For some reason Packer seems to double the brackets." - - This reverts commit 13ee8df42b80b102e9e19a01407b3afb69952ee5. - - * Fixing packer.json white space. - - * We need to reset the _aws_ami_extra_vars variable to an empty string before we rebuild it. - - * Slight refactor to move the extra vars building to the relevant included tasks. - - * Slight documentation change. - - * Moved config extra vars to ce-provision as they are globally sane. - - * Error in jinja list building for RDS. - - * Trailing VPC ID fields using the wrong variable. - - * Editing GitLab config so LE is enabled and auto-renewing by default. (#709) - - * Provide profile and region when creating an RDS parameter group, and also provide ability to set the parameter group for an Aurora RDS instance. (#712) - - * Add a task in ASG role to add an Aurora RDS endpoint. (#714) - - * Ssl le fixes pr 1.x (#725) - - * Allow multiple domains to be passed. - - * Ensuring we don't break older implementations. - - * First pass at a bash script we can run on cron for LE renewals. - - * Place the autorenewal script and create a cron entry. - - * Allowing the HTTP-01 listen port to be set to something other than 80. - - * Need single quotes within our double quotes. - - * Adding optional proxy for LE. - - * Revert "Adding optional proxy for LE." - - This reverts commit cf5720b450744915872eacafee82164300df90aa. - - * Adding support for apache and nginx plugins for certbot. - - * Fixing quote error. - - * Fixing SSL LE handilng and ensuring other handlers work with multiple provided domains. - - * Fixing issue with selecting first domain. - - * Correcting variable names. - - * LE cron template missing an endfor. - - * Missing carriage return in LE cron script. - - * Turns out you can't alter facts passed in via vars by include_role. - - * Fixing SSL defaults. - - * Realised if there are multiple different LE runs each needs it's own renewal cron. - - * Ensure builds don't fail if ssl.web_server isn't provided. - - * Defending against empty SSL services list. - - * Improving vhost template LE handling. - - * Adjusting SSL cert and key var names. - - * Adding a temporary vhost so newly added domains can request LE certs. - - * Tabbing error. - - * Fixing possible 'resolver' errors in Nginx if you use localhost. - - * Renaming loopvar from domain to certificate_domain to avoid clash with nginx role. - - * Tweaking Nginx LE handling and making certbot commands customisable. - - * Fixing minor typo. - - * Trying giving include_role the public flag. - - * Documentation updates. - - * Adding default value to Nginx vhost template. - - * Move drupal8 install/update config to drupal_common under if local block. (#733) - - * WIP: 58848 apache role pr 1.x (#667) - - * Catching up devel. (#243) - - * Devel (#175) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - Co-authored-by: EmlynK - - * Override fastcgi_read_timeout in Nginx (#41) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Add ability to override Nginx fastcgi_read_timeout value. - - Co-authored-by: Greg Harvey - - * Generate saml sso requirements devel (#42) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - Co-authored-by: EmlynK - - * Generate saml sso requirements devel (#43) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Wrapping the LinOTP code in the SAML template in an 'if' statement. - - * Extending the check to make sure LinOTP var isn't empty. - - * Removing references to LDAP in SAML groups attribute config, no need to assume. - - * Adding docs for the aws_iam_saml role. - - Co-authored-by: EmlynK - - * Adding aws_iam_saml docs (#45) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. (#40) - - * Generate saml sso requirements 1x (#44) - - * Wrong filter for efs info - - * Fix indentation error - - * Do not purge tags on existing EFS - - * Wrong name for updating EFS targets - - * Remove leftover loop - - * Fix error in subnet gathering - - * Split EFS creation - - * Use subnet ids - - * Wrong var name - - * Remove dead code - - * Wrong var - - * Missing subnet ids - - * Try not to loose existing SGs - - * Try to dedupe targets - - * Wrong syntax for combine - - * Typo in combining tupples - - * Wrong var name for append items - - * Fix appending subnets - - * Wrong list transformation - - * Switch to community module for efs - - * Remove unecessary complexity - - * Update documentation - - * Comment out Redefine Autoscale groups task for now and move some of its parameters to the other ASG creation task. - - * Remove replace_batch_size from ASG creation task, so it now defaults to 1. - - * Wrap Postfix handler commands in quotes. (#26) - - * Try using shell instead of command in Postfix handlers. - - * GitHub Actions integration (#29) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#32) - - Co-authored-by: Emlyn Kinzett - - * Fix alb health check (#31) - - * It's traffic-port, not target-port. Doh. - - * Update documentation. - - Co-authored-by: Emlyn Kinzett - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Generate saml sso requirements (#33) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Generate saml sso requirements devel (#36) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * Cleaning variables to be generic and improving LDAP role handling. - - Co-authored-by: EmlynK - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Generate saml sso requirements devel (#37) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Adding note on existence of 'config' directory for de-deploy to work. - - * Adding link to provided example config directory. - - Co-authored-by: EmlynK - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SAML admins. - - * Renaming template file for SAML admins. - - * phpfpm variables (#38) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Adding some PHP pool values that can be tweaked and the default_socket_timeout in php.ini. - - Co-authored-by: Greg Harvey - - * Adding tasks for handling SimpleSAMLphp repo actions. - - * Refactoring git commits to defend against existing files causing commit fails. - - * Moving X509Certificate to a variable. - - * Generate saml sso requirements devel (#39) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Adding AWS CLI and credentials files to local ce-dev. - - * New AWS IAM Ansible role for creating the necessary IdP and role for admin access. - - * GitHub actions into v1. (#30) - - * Adding Super Linter workflow for GitHub Actions. - - * Adding the documentation checker. - - * Getting GitHub Actions to continue on failure. - - * Seeing if Git exists. - - * Missing space. - - * Re-adding the checkout and the git commands. - - * Trying Pascal's script. - - * Adding both lines to the same 'run' command. - - * GitHub Actions wtf - splitting into two steps. - - * Trying steps on branch name. - - * Trying steps on branch name AGAIN. - - * Would be good to get the syntax right. - - * Trying different quotes. - - * Checking the contents of the github.ref variable. - - * Trying to add in Pascal's testing step. - - * Adding in /bin/sh to hopefully make test.sh run. - - * Google says try it with /bin/bash. - - * Trying a different Ubuntu version. - - * Installing net-tools to have ifconfig. - - * Updating testing shell (#28) - - * Use correct variable when setting the RDS instance type as part of ASG creation. (#27) - - * Fixing test.sh to explicitly call bash. - - GitHub Actions only supports Ubuntu containers and Ubuntu shell is dash by default, not bash. Consequently /bin/sh doesn't invoke bash, but dash, which causes some unexpected errors down the line. - - Co-authored-by: EmlynK - - * We probably don't need /bin/bash - - * Making test.sh executable. - - * Checking shell. - - * Explicitly setting shell to bash in provision.sh. - - * Trying ubuntu-16.04 as Travis used this. - - * Putting shell back. - - * Update provision.sh - - * Making /bin/bash the shell. - - * Making /bin/bash the shell for provision. - - * Explicitly stating bash again in YML. - - * Turns out the mkcert binary is out of date. - - * Compiled mkcert from source. - - * Fixing curl error. - - * Switching to wget. - - * Starting the linter again and renaming job. - - * Only lint changed files. - - * Linting a non-existent branch! - - * Tidying the documentation check. - - * Revert "Making /bin/bash the shell for provision." - - This reverts commit f5f35818205cd364a66a6e51c9f9d8254f016422. - - * Revert "Making /bin/bash the shell." - - This reverts commit df585b36877aa2328adc228cd8f76950e2853d36. - - * Revert "Tidying the documentation check." - - This reverts commit a0c964e15003c8486f4d01232af6e855a475298e. - - * Swapping Super-Linter for ansible-lint. - - * Running ansible-lint directly in the container. - - * Updating to latest Ubuntu. - - * Revert "Fixing test.sh to explicitly call bash." - - This reverts commit 521279ebc16a4c4459c981bfb813cf6aa4d4f3ad. - - * Fixing ansible-lint issues. - - * Revert "Fixing ansible-lint issues." - - This reverts commit 08a74046d567ea80acc080ec3cec60a7f8ceed48. - - * Removing old travis config. - - * Spacing issue fix. - - * Running tests on pull_request only. - - Co-authored-by: EmlynK - - * Cleaning variables to be generic and improving LDAP role handling. - - * Adding modified iam_alis module found on GitHub. - - * Adding management of IAM account alias. - - * Revert "Merge branch 'devel' into generate_saml_sso_requirements" - - This reverts commit a4051979f45aa2518db36fd2f9c9751b0364b69c, reversing - changes made to b9e67325e2b69b9dd22483acaaec77ef80fa7177. - - * Fixing conflict with ce-dev/README.md. - - * Adding a template for SimpleSAMLphp account SPs. - - * Renaming template file for SAML and adding an include file for SA… - - * Sudo fix pr devel (#983) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Opensearch pr devel (#985) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Adding new AWS OpenSearch role. - - * Adding new lines. - - * Le fixes pr devel (#988) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. - - * Hostname handling pr devel (#990) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. - - * Hostname handling pr devel (#992) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr devel (#993) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Read only efs handling pr devel (#995) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. - - * Read only efs handling pr devel (#997) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Read only efs handling pr devel (#997)" (#998) - - This reverts commit b46b3642320665f9647f87d4dba6bdf56c8d4125. - - * Revert "Read only efs handling pr devel (#995)" (#999) - - This reverts commit 02baa1c6635515a7fe6cf72721698b81f9906dc7. - - * Read only efs handling pr devel (#1001) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Read only efs handling pr devel (#1001) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Cloudwatch alarms pr devel (#1004) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. - - * Cloudwatch alarms pr devel (#1006) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr devel (#1008) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr devel (#1010) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Le reload on renew pr devel (#1012) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Ldap le group pr devel (#1014) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. - - * Improved rkhunter conf pr devel (#1016) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr devel (#1018) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * Rkhunter command pr devel (#1020) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command - - --------- - - Co-authored-by: Greg Harvey - - * Rkhunter command pr devel (#1023) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command - - * add_quotes - - --------- - - Co-authored-by: Greg Harvey - - * Bug fixes pr devel (#1024) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Bug fixes pr devel (#1026) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Bug fixes pr devel (#1027) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Bug fixes pr devel (#1028) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Bug fixes pr devel (#1031) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Bug fixes pr devel (#1033) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Bug fixes pr devel (#1036) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Bug fixes pr devel (#1039) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Bug fixes pr devel (#1040) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Bug fixes pr devel (#1041) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Bug fixes pr devel (#1042) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Bug fixes pr devel (#1043) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Bug fixes pr devel (#1044) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Bug fixes pr devel (#1046) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Bug fixes pr devel (#1051) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Lhci software versions pr devel (#1049) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Allowing setting of package versions for LHCI. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Fix pyyaml pr devel (#899) - - * Fixing PyYAML version issues with linters. - - * Tweaking order to ensure we have clean Ansible before we install other packages. - - * cloud-init needs to come from Apt. - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Removing leaked devel changes. - - * Removing leaked devel changes. - - --------- - - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - - * Optional linters pr devel (#1054) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - … - - * Bug fixes pr devel (#1056) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1058) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1060) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1062) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Pin community.aws to v5.5.0 (#1063) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set t… - - * Bug fixes pr devel (#1065) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1067) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * R65626 rkhunter ssh config pr devel (#1070) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because … - - * Tidying up task output pr devel (#1072) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of L… - - * Apt extra packages cache update change pr devel (#1074) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in… - - * R65886 unattended upgrades schedule conf pr devel (#1084) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role … - - * Ecs clusters pr devel (#1088) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * … - - * Update defaults pr devel (#1080) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - … - - * Check that vars_dirs locations exist devel (#1082) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI b… - - * Sudo ldap config pr devel (#1092) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - … - - * Ecs clusters pr devel (#1090) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * … - - * LDAP endpoints already contain protocol. (#1096) - - * Ecs clusters pr devel (#1095) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * … - - * Ecs clusters pr devel (#1100) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * … - - * Ecs clusters pr devel (#1102) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * … - - * Ecs clusters pr devel (#1103) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * … - - * Ecs clusters pr devel (#1104) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * … - - * Bug fixes pr devel (#1105) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * R65800 unpin boto3 version pr devel (#1107) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because … - - * Bug fixes pr devel (#1111) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1113) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1115) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1117) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1119) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1121) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1123) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1126) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1128) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1130) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1131) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1132) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1133) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * R66519 r66187 fix postfix transport map db pr devel (#1135) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta rol… - - * Bug fixes pr devel (#1137) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Bug fixes pr devel (#1140) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - *… - - * Vhosts handling pr devel (#1142) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - … - - * Opensearch fix pr devel (#1144) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - … - - * Opensearch fix3 pr devel (#1146) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - … - - * Opensearch fix4 pr devel (#1148) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - … - - * Bug fixes pr devel (#1151) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fi… - - * Bug fixes pr devel (#1152) - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing di… - - * Bug fixes pr devel (#1153) - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * … - - * Bug fixes pr devel (#1155) - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh … - - * Bug fixes pr devel (#1157) - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature bra… - - * Bug fixes pr devel (#1159) - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to… - - * Bug fixes pr devel (#1160) - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need … - - * Bug fixes pr devel (#1161) - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to … - - * r66647-changing-cloudalchemy-to-prometheus - - * Bug fixes pr devel (#1163) - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds.… - - * Bug fixes pr devel (#1166) - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - … - - * R65629 update cron reload to use full service binary path pr devel (#1167) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the … - - * Bug fixes pr devel (#1172) - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS AP… - - * Duplicity apt to pip install role pr devel (#1174) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI b… - - * We dont need to json filter anymore pr devel (#1177) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI… - - * Ansible 2.15.3 bug workaround attempt pr devel (#1179) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in … - - * Bug fixes pr devel (#1181) - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management … - - * Bug fixes pr devel (#1183) - - * Fixing pipefail linting issues. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Missed one! - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS … - - * Rkhunter pkgmgr pr devel (#1184) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - … - - * R66858 updating aws efs client to use correct variables pr devel (#1190) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the de… - - * Bug fixes pr devel (#1192) - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domai… - - * Bug fixes pr devel (#1193) - - * Moving executable to args. - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains … - - * Bug fixes pr devel (#1195) - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#676) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra opti… - - * Bug fixes pr devel (#1197) - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Remove alb healthchecks pr 1.x (#673) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - * Adding a 'repack' option for AMIs and ASGs. - - * Adding an option to force a Packer rebuild in an ASG. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#676) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string… - - * R57339 adding autodiscovery block in dupal common pr devel (#1199) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy m… - - * Bug fixes pr devel (#1201) - - * Bug fixes pr 1.x (#1057) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Bug fixes pr 1.x (#1059) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Update amazon.aws to 5.5.0. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * Upgrading to Debian 11 for new machines. (#1061) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Pin community.aws to v5.5.0 (#1064) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Bug fixes pr 1.x (#1066) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Bug fixes pr 1.x (#1068) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * R65626 rkhunter ssh config pr 1.x (#1071) - - * r65626 fix rkhunter config to match sshd_config - - * add Protocol var for ssh template - - * tidying_up_task_output (#1073) - - * apt_extra_packages_cache_update_change (#1075) - - * r65886 unattended-upgrades schedule refreshes (#1085) - - * Update defaults pr 1.x (#1081) - - * Fixing up ce-provision defaults to latest stable or LTS versions. - - * Updating docs. - - * Adding ElastiCache role and docs for rkhunter and sshd. (#1089) - - * Adding handling for /etc/sudo-ldap.conf. (#1093) - - * Check that vars_dirs locations exist. (#1083) - - * LDAP endpoints already contain protocol. (#1097) - - * Ecs clusters pr 1.x (#1091) - - * Adding ElastiCache role and docs for rkhunter and sshd. - - * Re-ordering main tasks into a logical sequence and adding ECS creation. - - * Double name accidentally introduced. - - * Ecs clusters pr 1.x (#1101) - - * Adding ElastiCache role and docs for rkhunter and sshd. - - * Re-ordering main tasks into a logical sequence and adding ECS creation. - - * Double name accidentally introduced. - - * AWS LC migration to launch templates. - - * Forgot to add region, profile and tags for Elasticache. - - * Elasticache plugin doesn't support tags. - - * Adding subnet group creation. - - * Adding TODO for future memcached handling. - - * Removing deprecated 'warn' arg from shell. - - * Bug fixes pr 1.x (#1106) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * unpin boto3 version but leave ensure present task for now (#1108) - - * Adding extra deploy perms for ECS and minor fixes. - - * Bug fixes pr 1.x (#1112) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * Bug fixes pr 1.x (#1114) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Bug fixes pr 1.x (#1116) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Bug fixes pr 1.x (#1118) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Bug fixes pr 1.x (#1120) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Bug fixes pr 1.x (#1122) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Bug fixes pr 1.x (#1124) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Bug fixes pr 1.x (#1127) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Bug fixes pr 1.x (#1129) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Adding new AWS OpenSearch role. (#986) - - * Adding new AWS OpenSearch role. - - * Adding new lines. - - * move transport and sasl_passwd db generation from handler to task (#1136) - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Bug fixes pr 1.x (#1138) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * Bug fixes pr 1.x (#1141) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * vhosts_handling (#1143) - - * vhosts_handling - - * opensearch typo fix - - * opensearch_fix (#1145) - - * fix policy file type (#1147) - - * opensearch_fix4 (#1149) - - * Supporting multiple LDAP servers for GitLab Premium. - - * Updating OpenSearch role docs. - - * Fix bug that causes plays with no directories provided to _init to fail. - - * Fixing variable for LDAP switch in Gitlab for CI builds. - - * Bug fixes pr 1.x (#1150) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * Supporting multiple LDAP servers for GitLab Premium. - - * Updating OpenSearch role docs. - - * Fix bug that causes plays with no directories provided to _init to fail. - - * Fixing variable for LDAP switch in Gitlab for CI builds. - - * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. - - * Seeing if a docker restart fixes DNS problems. - - * Adding a sudo to service restart. - - * Ensuring dnsmasq is present. - - * Using sudo for apt-get. - - * Adding Ansible verbosity and stopping resolved so dnsmasq can start. - - * apt needs resolved to fetch repos! - - * Playing with service order. - - * Commenting service handling. - - * Disabling GitLab tests. - - * Bug fixes pr 1.x (#1154) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * Supporting multiple LDAP servers for GitLab Premium. - - * Updating OpenSearch role docs. - - * Fix bug that causes plays with no directories provided to _init to fail. - - * Fixing variable for LDAP switch in Gitlab for CI builds. - - * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. - - * Seeing if a docker restart fixes DNS problems. - - * Adding a sudo to service restart. - - * Ensuring dnsmasq is present. - - * Using sudo for apt-get. - - * Adding Ansible verbosity and stopping resolved so dnsmasq can start. - - * apt needs resolved to fetch repos! - - * Playing with service order. - - * Commenting service handling. - - * Disabling GitLab tests. - - * Making requirements docs Debian version specific. - - * Bug fixes pr 1.x (#1156) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * Supporting multiple LDAP servers for GitLab Premium. - - * Updating OpenSearch role docs. - - * Fix bug that causes plays with no directories provided to _init to fail. - - * Fixing variable for LDAP switch in Gitlab for CI builds. - - * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. - - * Seeing if a docker restart fixes DNS problems. - - * Adding a sudo to service restart. - - * Ensuring dnsmasq is present. - - * Using sudo for apt-get. - - * Adding Ansible verbosity and stopping resolved so dnsmasq can start. - - * apt needs resolved to fetch repos! - - * Playing with service order. - - * Commenting service handling. - - * Disabling GitLab tests. - - * Making requirements docs Debian version specific. - - * Putting the ssh_server role higher up in meta plays. - - * Using jinja2 to set a default PermitRootLogin variable in rkhunter. - - * Missed an instance of galaxy management for ce_deploy. - - * Missed ANOTHER instance of galaxy management for ce_deploy. - - * Bug fixes pr 1.x (#1158) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * Supporting multiple LDAP servers for GitLab Premium. - - * Updating OpenSearch role docs. - - * Fix … - - * Bug fixes pr devel (#1203) - - * No loop for galaxy, so cannot use 'item'. - - * Bug fixes pr 1.x (#1059) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Update amazon.aws to 5.5.0. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * Upgrading to Debian 11 for new machines. (#1061) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Pin community.aws to v5.5.0 (#1064) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Bug fixes pr 1.x (#1066) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Bug fixes pr 1.x (#1068) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * R65626 rkhunter ssh config pr 1.x (#1071) - - * r65626 fix rkhunter config to match sshd_config - - * add Protocol var for ssh template - - * tidying_up_task_output (#1073) - - * apt_extra_packages_cache_update_change (#1075) - - * r65886 unattended-upgrades schedule refreshes (#1085) - - * Update defaults pr 1.x (#1081) - - * Fixing up ce-provision defaults to latest stable or LTS versions. - - * Updating docs. - - * Adding ElastiCache role and docs for rkhunter and sshd. (#1089) - - * Adding handling for /etc/sudo-ldap.conf. (#1093) - - * Check that vars_dirs locations exist. (#1083) - - * LDAP endpoints already contain protocol. (#1097) - - * Ecs clusters pr 1.x (#1091) - - * Adding ElastiCache role and docs for rkhunter and sshd. - - * Re-ordering main tasks into a logical sequence and adding ECS creation. - - * Double name accidentally introduced. - - * Ecs clusters pr 1.x (#1101) - - * Adding ElastiCache role and docs for rkhunter and sshd. - - * Re-ordering main tasks into a logical sequence and adding ECS creation. - - * Double name accidentally introduced. - - * AWS LC migration to launch templates. - - * Forgot to add region, profile and tags for Elasticache. - - * Elasticache plugin doesn't support tags. - - * Adding subnet group creation. - - * Adding TODO for future memcached handling. - - * Removing deprecated 'warn' arg from shell. - - * Bug fixes pr 1.x (#1106) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * unpin boto3 version but leave ensure present task for now (#1108) - - * Adding extra deploy perms for ECS and minor fixes. - - * Bug fixes pr 1.x (#1112) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * Bug fixes pr 1.x (#1114) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Bug fixes pr 1.x (#1116) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Bug fixes pr 1.x (#1118) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Bug fixes pr 1.x (#1120) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Bug fixes pr 1.x (#1122) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Bug fixes pr 1.x (#1124) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Bug fixes pr 1.x (#1127) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Bug fixes pr 1.x (#1129) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Adding new AWS OpenSearch role. (#986) - - * Adding new AWS OpenSearch role. - - * Adding new lines. - - * move transport and sasl_passwd db generation from handler to task (#1136) - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Bug fixes pr 1.x (#1138) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * Bug fixes pr 1.x (#1141) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * vhosts_handling (#1143) - - * vhosts_handling - - * opensearch typo fix - - * opensearch_fix (#1145) - - * fix policy file type (#1147) - - * opensearch_fix4 (#1149) - - * Supporting multiple LDAP servers for GitLab Premium. - - * Updating OpenSearch role docs. - - * Fix bug that causes plays with no directories provided to _init to fail. - - * Fixing variable for LDAP switch in Gitlab for CI builds. - - * Bug fixes pr 1.x (#1150) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * Supporting multiple LDAP servers for GitLab Premium. - - * Updating OpenSearch role docs. - - * Fix bug that causes plays with no directories provided to _init to fail. - - * Fixing variable for LDAP switch in Gitlab for CI builds. - - * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. - - * Seeing if a docker restart fixes DNS problems. - - * Adding a sudo to service restart. - - * Ensuring dnsmasq is present. - - * Using sudo for apt-get. - - * Adding Ansible verbosity and stopping resolved so dnsmasq can start. - - * apt needs resolved to fetch repos! - - * Playing with service order. - - * Commenting service handling. - - * Disabling GitLab tests. - - * Bug fixes pr 1.x (#1154) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * Supporting multiple LDAP servers for GitLab Premium. - - * Updating OpenSearch role docs. - - * Fix bug that causes plays with no directories provided to _init to fail. - - * Fixing variable for LDAP switch in Gitlab for CI builds. - - * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. - - * Seeing if a docker restart fixes DNS problems. - - * Adding a sudo to service restart. - - * Ensuring dnsmasq is present. - - * Using sudo for apt-get. - - * Adding Ansible verbosity and stopping resolved so dnsmasq can start. - - * apt needs resolved to fetch repos! - - * Playing with service order. - - * Commenting service handling. - - * Disabling GitLab tests. - - * Making requirements docs Debian version specific. - - * Bug fixes pr 1.x (#1156) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * Supporting multiple LDAP servers for GitLab Premium. - - * Updating OpenSearch role docs. - - * Fix bug that causes plays with no directories provided to _init to fail. - - * Fixing variable for LDAP switch in Gitlab for CI builds. - - * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. - - * Seeing if a docker restart fixes DNS problems. - - * Adding a sudo to service restart. - - * Ensuring dnsmasq is present. - - * Using sudo for apt-get. - - * Adding Ansible verbosity and stopping resolved so dnsmasq can start. - - * apt needs resolved to fetch repos! - - * Playing with service order. - - * Commenting service handling. - - * Disabling GitLab tests. - - * Making requirements docs Debian version specific. - - * Putting the ssh_server role higher up in meta plays. - - * Using jinja2 to set a default PermitRootLogin variable in rkhunter. - - * Missed an instance of galaxy management for ce_deploy. - - * Missed ANOTHER instance of galaxy management for ce_deploy. - - * Bug fixes pr 1.x (#1158) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * Supporting multiple LDAP servers for GitLab Premium. - - * Updating OpenSearch role docs. - - * Fix bug that causes plays with no directories provided to _init to fail. - - * Fixing variable for LDAP switch in Gitlab for CI builds. - - * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. - - * Seeing if a docker restart fixes DNS problems. - - * Adding a sudo to service restart. - - * Ensuring dnsmasq is present. - - * Using sudo for apt-get. - - * Adding Ansible verbosity and stopping resolved so dnsmasq can start. - - * apt needs resolved to fetch repos! - - * Playing with service order. - - * Commenting service handling. - - * Disabling GitLab tests. - - * Making requirements docs Debian version specific. - - * Putting the ssh_server role higher up in meta plays. - - * Using jinja2 to set a default PermitRootLogin variable in rkhunter. - - * Missed an instance of galaxy management for ce_deploy. - - * Missed ANOTHER instance of galaxy management for ce_deploy. - - * Updating autoscale docs and adding ansible.windows collection for Wazuh. - - * Bug fixes pr 1.x (#1164) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - … - - * Nginx css js handling for drupal10 pr devel (#1205) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI … - - * Nginx css js handling for drupal10 pr devel (#1207) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI … - - * Organizing nginx config pr devel (#1208) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of … - - * Drupal10 nginx rule order fix pr devel (#1210) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 (#982) - - * Sudo fix pr 1.x (#984) - - * Changing sudoers order in nsswitch.conf - see https://unix.stackexchange.com/a/129080 - - * Making sudo_config role more flexible. - - * Improving nginx docs post-training. - - * Updating documentation files. - - * Minor LE SSL docs changes. (#989) - - * Adding the ability to set system hostname to hosts role. (#991) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Hostname handling pr 1.x (#994) - - * Adding the ability to set system hostname to hosts role. - - * Removing trailing space. - - * Adding new line at end of mailname.j2. - - * Adding the option to search for EFS file systems by ID. (#996) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Revert "Adding the option to search for EFS file systems by ID. (#996)" (#1000) - - This reverts commit 8cb9c9a4c3605270361c02c6a7eda9ed01477bde. - - * Read only efs handling pr 1.x (#1002) - - * Adding the option to search for EFS file systems by ID. - - * Slight EFS docs update. - - * Updating EFS docs. - - * Adding note on how to find creation_token. - - * Allowing empty lists for RDS cloudwatch alarms. (#1005) - - * Cloudwatch alarms pr 1.x (#1007) - - * Allowing empty lists for RDS cloudwatch alarms. - - * Removing presumption of AWS from gitlab_runner role. - - * Bug fixes pr 1.x (#1009) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Bug fixes pr 1.x (#1011) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Need to create the letsencrypt group, user plugin won't do it for you. (#1015) - - * Adding reload option for LetsEncrypt renewal. (#1013) - - * Adding reload option for LetsEncrypt renewal. - - * (Hopefully) fixing linting. - - * Missed a 'run' line. - - * Improved rkhunter conf pr 1.x (#1017) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Improved rkhunter conf pr 1.x (#1019) - - * Adding more variables for better control of rkhunter config. - - * Adding rkhunter docs. - - * Removing unnecessary quotes. - - * Defaulting automated rkhunter updates after apt runs. - - * rkhunter_web_command (#1021) - - * rkhunter_web_command - - * add_quotes - - * Bug fixes pr 1.x (#1025) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Bug fixes pr 1.x (#1032) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Bug fixes pr 1.x (#1034) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Bug fixes pr 1.x (#1037) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Bug fixes pr 1.x (#1045) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Bug fixes pr 1.x (#1047) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Bug fixes pr 1.x (#1052) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Allowing setting of package versions for LHCI. (#1050) - - * Fix pyyaml pr 1.x (#1053) - - * 58848 apache role pr devel (#668) - - * adding apache role - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Fixing some conf and vhost errors. - - * Removing empty line in gitlab_runner tasks. - - * Fixing up Apache role to configure PHP-FPM as the back-end for PHP. - - Co-authored-by: Jean Pierre Dentone - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#669) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#671) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Remove alb healthchecks pr devel (#672) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Gitlab runner service override pr 1.x (#591) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI because of LDAP. - - * Changing dir perms and adding a force. - - * Debugging gitlab-runner directory creation issues in CI. - - * Fixing linting error. - - * Removing verbosity again but leaving 'stat' command in. - - * Pass db_cluster_identifier for RDS instance during ASG build (#600) - - * Pass RDS db_cluster_identifier, if present, during an ASG build. - - * Use correct variable name for RDS db_cluster_identifier. - - * Add a commented variable to ASG role for db_cluster_identifier so it's documented. - - * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) - - * Removing obsolete MySQL config option log_syslog from template. (#607) - - * GitHub Actions - Rebuilt documentation. (#536) - - Co-authored-by: Code Enigma CI - - * Consistent default region pr 1.x (#611) - - * Moving all region settings to _aws_region var and adding README update. - - * Documentation update. - - * No need for region, IAM SAML setup is global, (#617) - - * Support ebs encryption pr 1.x (#609) - - * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. - - * Setting more sane default instance sizes. - - * Adding more EBS options for ASGs. - - * Setting encryption to match AMI settings. - - * Setting encryption to match AMI settings. - - * We also need to dynamically set the ASGs own encrypt_boot var. - - * We need to merge the new branch changes before we can rebuild the docs. - - * Fixing merge command in CI. - - * Not sure toc.sh is actually executing. - - * Refactoring encrypt EBS flags to avoid detected loop condition in vars. - - * Safer CI, only adds .md files. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying to figure out CI logic for building docs. - - * Trying adding a git pull. - - * Setting git pull config options. - - * Reordering things. - - * Adding --allow-unrelated-histories to the git pull. - - * Trying a feature branch approach. - - * Forcing the GitHub action to fetch all git history. - - * Bad whitespace, naughty whitespace. - - * Trying a different PR action. - - * Do not merge the branch in, we only want the markdown changes. - - * Keeping the documentation branch clean. - - * We need to push a detached HEAD. - - * Do we need the checkout at all? - - * Adding a docs pull. - - * Allow install|update scripts in Drupal8+ (#599) - - * Add some flexibility to Packer (#633) - - * Add ability to pass on-error and force to Packer. - - * Add new Packer options to the ASG role as well. - - * Packer build options need to be declared before the file that is being built. - - * Allow Packer ssh_username to be set. - - * Making PHP >= 8.0 compatible (#634) - - * Packer VPC filtering (#638) - - * Add ability to set vpc_filter and subnet AZ for Packer builds. - - * Add fqcn-builtins to .ansible-lint warn_list for now. - - * GitHub Actions seemingly ignores warn_list. - - * Use simplified variables for Packer VPC stuff. - - * Only use one filter when filtering VPCs for Packer. - - * Cert management pr 1.x (#640) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Cert management pr 1.x (#642) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * Cert management pr 1.x (#644) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Cert management pr 1.x (#647) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Fix Nginx auth_message in vhost (#653) - - * Revert auth_message change in Nginx role for now. - - * Revert "Revert auth_message change in Nginx role for now." - - This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. - - * Add default for Nginx auth_message. - - * Cert management pr 1.x (#655) - - * Making sure we can't accidentally commit AWS API credentials. - - * Initial commit of ACM role. - - * Only pause for a get-certificate call if we want to export. - - * Updating docs. - - * Missed a couple of variables to update. - - * We cannot rely on the variable being nonexistent here. - - * Allowing ce-provision to set the basic auth message for Nginx. - - * Supporting SAN certs and tags on ACM certificates. - - * Fixing namespacing. - - * Auto-generating SSL certs for ALB and CloudFront. - - * More namespace fixes. - - * Fixing CI issue with missing AWS region var. - - * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. - - * Adding public IP option to LC config for ASGs. - - * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. - - * Fixing mistake in domains set_fact. - - * Fixing AnsibleUndefined bug caused by skipped task. - - * Handling multiple domain validations for SAN certs. - - * Fixing bad variable name. - - * Fixing ASG DNS entries so it adds entries for SAN cert domains too. - - * For DNS validation we should not use --domain-validation-options at all. - - * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. - - * Bad dict structure. - - * Improving multi domain handling for ASG DNS. - - * Supporting multiple CloudFront aliases for an ASG. - - * Adding options to disable sign-up, sign-in and private projects. (#663) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making ALB healthchecks optional and defaulting to disabled. (#670) - - * Making ALB healthchecks optional and defaulting to disabled. - - * Defaulting back to ELB health checks. - - * Making sure new clusters won't fail because no ALB yet. - - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - - * Ami repack option pr devel (#674) - - * GitHub Actions - Rebuilt documentation. - - * Need to check if is_local is defined in webserver meta dependencies. (#522) - - * Ce dev refactor pr 1.x (#518) - - * Making it easier to test with provision-target and ce-dev. - - * Moving the provision forcing var back to plays so _init has it. - - * Adding defaults vars and test script extra options. - - * Adding a web server test to CI. - - * examples string needs to be in quotes. - - * Making sure is_local and _ce_provision_force_play are available to the _init role. - - * Adding SSH keys to the provision user. - - * Adding a --force to the test script. - - * Explicitly adding vars to role. - - * Fixing _init behaviour and adding SSH key for web role. - - * Setting default PHP version to 7.4. - - * Looking up the generated ce-dev SSH key instead of hard-coding one. - - * We cannot run the ssh_server role locally, so excluding for tests of webserver role. - - * Trying to remove user_root.yml in case it's breaking CI. - - * Adding a verbose mode to the test script. - - * Exposing the command in the test script. - - * Trying hard-coded keys again. - - * Changing location of data dir for test containers. - - * Putting vars back and restricting CI to the 'web' example. - - * Adding backup handling to ldap_server. (#525) - - * Adding backup handling to ldap_server. - - * Improving SSL docs and handling perms for openldap and letsencrypt. - - * Cron user must be specified with file. - - * Running as root, do not need a 'sudo' in this cron. - - * Allowing 'gitLab' to disable Prometheus. (#530) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * GitHub Actions - Rebuilt documentation. (#526) - - Co-authored-by: Code Enigma CI - - * Prometheus pr 1.x (#533) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Add private files support for Drupal in Nginx. (#535) - - * Prometheus pr 1.x (#539) - - * Allowing 'gitLab' to disable Prometheus. - - * Booleans to use in jinja2 as strings must be cast as strings. - - * Tidying up CI and adding a GitLab test. - - * Fixing CI job description. - - * Adding a firewall config preset to open port 80 for LetsEncrypt. - - * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) - - * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) - - This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. - - * Backing out of Packer logging. - - * Moving key servers to a variable so we can set them. (#555) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Adding a reboot option to the patching role. (#557) - - * Add minimal support for Aurora RDS instances (#567) - - * Attempt to create an RDS read replica. - - * Use new task to create Aurora RDS instances. - - * Try and fix linting issues. - - * Don't pass max_storage variable for Aurora instances. - - * Remove more storage related vars from Aurora RDS instance creation task. - - * Add profile and region to read replica creation. - - * Try creating the Aurora read replica another way. - - * Add some debug info. - - * Work around the silly registering of variables in Ansible. - - * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. - - * Add some Aurora info to aws_rds README file. - - * Use reader instead of replica for Aurora readers. - - * Remove db_cluster_identifier variable from non-Aurora RDS task. - - * Gpg servers fix pr 1.x (#571) - - * Moving key servers to a variable so we can set them. - - * Allowing us to disable sending keys completely. - - * Oops, doubled up on existing functionality. - - * Fixing var name. - - * Using a pipe to grep with 'command' cannot work, refactoring. - - * Making CI use the meta deploy role to test gitlab. - - * We mustn't assume AWS servers for deploy and controller. - - * Support termination protection in EC2. (#573) - - * Support termination protection in EC2. - - * Fixing CI vars. - - * Fixing CI vars. - - * Fix managed SSL key perms and the variable used for the private key. (#575) - - * Ec2 subnet lookup pr 1.x (#583) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Ec2 subnet lookup pr 1.x (#589) - - * First pass at EC2 subnet detection. - - * Touching subnet file to ensure it exists. - - * Trying a different approach, file module didn't work. - - * Switching back to file module. - - * We need to create the directory for new servers too. - - * Bad variable name. - - * Changing subnet lookup order to check for defined subnet first. - - * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) - - * Fixing gitlab-runner overriders so upgrades do not break the runner. - - * Fixing override file template. - - * Hopefully fixing CI. - - * Making sure the service directory exists. - - * We cannot use the deploy meta role in CI becau… - - * Bug fixes pr devel (#1212) - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * Upgrading to Debian 11 for new machines. (#1061) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Pin community.aws to v5.5.0 (#1064) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Bug fixes pr 1.x (#1066) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Bug fixes pr 1.x (#1068) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * R65626 rkhunter ssh config pr 1.x (#1071) - - * r65626 fix rkhunter config to match sshd_config - - * add Protocol var for ssh template - - * tidying_up_task_output (#1073) - - * apt_extra_packages_cache_update_change (#1075) - - * r65886 unattended-upgrades schedule refreshes (#1085) - - * Update defaults pr 1.x (#1081) - - * Fixing up ce-provision defaults to latest stable or LTS versions. - - * Updating docs. - - * Adding ElastiCache role and docs for rkhunter and sshd. (#1089) - - * Adding handling for /etc/sudo-ldap.conf. (#1093) - - * Check that vars_dirs locations exist. (#1083) - - * LDAP endpoints already contain protocol. (#1097) - - * Ecs clusters pr 1.x (#1091) - - * Adding ElastiCache role and docs for rkhunter and sshd. - - * Re-ordering main tasks into a logical sequence and adding ECS creation. - - * Double name accidentally introduced. - - * Ecs clusters pr 1.x (#1101) - - * Adding ElastiCache role and docs for rkhunter and sshd. - - * Re-ordering main tasks into a logical sequence and adding ECS creation. - - * Double name accidentally introduced. - - * AWS LC migration to launch templates. - - * Forgot to add region, profile and tags for Elasticache. - - * Elasticache plugin doesn't support tags. - - * Adding subnet group creation. - - * Adding TODO for future memcached handling. - - * Removing deprecated 'warn' arg from shell. - - * Bug fixes pr 1.x (#1106) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * unpin boto3 version but leave ensure present task for now (#1108) - - * Adding extra deploy perms for ECS and minor fixes. - - * Bug fixes pr 1.x (#1112) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * Bug fixes pr 1.x (#1114) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Bug fixes pr 1.x (#1116) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Bug fixes pr 1.x (#1118) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Bug fixes pr 1.x (#1120) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Bug fixes pr 1.x (#1122) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Bug fixes pr 1.x (#1124) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Bug fixes pr 1.x (#1127) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Bug fixes pr 1.x (#1129) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Adding new AWS OpenSearch role. (#986) - - * Adding new AWS OpenSearch role. - - * Adding new lines. - - * move transport and sasl_passwd db generation from handler to task (#1136) - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Bug fixes pr 1.x (#1138) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * Bug fixes pr 1.x (#1141) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * vhosts_handling (#1143) - - * vhosts_handling - - * opensearch typo fix - - * opensearch_fix (#1145) - - * fix policy file type (#1147) - - * opensearch_fix4 (#1149) - - * Supporting multiple LDAP servers for GitLab Premium. - - * Updating OpenSearch role docs. - - * Fix bug that causes plays with no directories provided to _init to fail. - - * Fixing variable for LDAP switch in Gitlab for CI builds. - - * Bug fixes pr 1.x (#1150) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * Supporting multiple LDAP servers for GitLab Premium. - - * Updating OpenSearch role docs. - - * Fix bug that causes plays with no directories provided to _init to fail. - - * Fixing variable for LDAP switch in Gitlab for CI builds. - - * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. - - * Seeing if a docker restart fixes DNS problems. - - * Adding a sudo to service restart. - - * Ensuring dnsmasq is present. - - * Using sudo for apt-get. - - * Adding Ansible verbosity and stopping resolved so dnsmasq can start. - - * apt needs resolved to fetch repos! - - * Playing with service order. - - * Commenting service handling. - - * Disabling GitLab tests. - - * Bug fixes pr 1.x (#1154) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * Supporting multiple LDAP servers for GitLab Premium. - - * Updating OpenSearch role docs. - - * Fix bug that causes plays with no directories provided to _init to fail. - - * Fixing variable for LDAP switch in Gitlab for CI builds. - - * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. - - * Seeing if a docker restart fixes DNS problems. - - * Adding a sudo to service restart. - - * Ensuring dnsmasq is present. - - * Using sudo for apt-get. - - * Adding Ansible verbosity and stopping resolved so dnsmasq can start. - - * apt needs resolved to fetch repos! - - * Playing with service order. - - * Commenting service handling. - - * Disabling GitLab tests. - - * Making requirements docs Debian version specific. - - * Bug fixes pr 1.x (#1156) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * Supporting multiple LDAP servers for GitLab Premium. - - * Updating OpenSearch role docs. - - * Fix bug that causes plays with no directories provided to _init to fail. - - * Fixing variable for LDAP switch in Gitlab for CI builds. - - * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. - - * Seeing if a docker restart fixes DNS problems. - - * Adding a sudo to service restart. - - * Ensuring dnsmasq is present. - - * Using sudo for apt-get. - - * Adding Ansible verbosity and stopping resolved so dnsmasq can start. - - * apt needs resolved to fetch repos! - - * Playing with service order. - - * Commenting service handling. - - * Disabling GitLab tests. - - * Making requirements docs Debian version specific. - - * Putting the ssh_server role higher up in meta plays. - - * Using jinja2 to set a default PermitRootLogin variable in rkhunter. - - * Missed an instance of galaxy management for ce_deploy. - - * Missed ANOTHER instance of galaxy management for ce_deploy. - - * Bug fixes pr 1.x (#1158) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto role to set version. - - * Updating Packer version and adding README. - - * Ensuring 'cron' package is installed as in Debian 12 (bookworm) it isn't by default. - - * Making different tasks for pip3 per OS version. - - * Trying to install with pip3 and become: false. - - * Revert "Trying to install with pip3 and become: false." - - This reverts commit a47fdc72482ac6410956214113b173c760097421. - - * Installing nginx and mysql requirements for Python from apt in Debian 12. - - * Casting Linux major version as an int for comparison. - - * Only set cron updates for older Debian where pip3 is installed manually. - - * Adding README to boto3 role. - - * Some naming tidying up. - - * Preparing ldap_server role for Debian 12. - - * Preparing ansible role to work with Debian 12. - - * Ensuring cloud-init exists on EC2 instances. - - * Preparing ce_provision role for Debian 12. - - * Do not need extra pip3 lines now. - - * Tabbing error. - - * Restricting roles installed in containers. - - * Removing the build docs step so we just publish. - - * Adding AWS OpenSearch role docs. - - * Removing whitespace differences. - - * Adding bsd-mailx package to common_base so we always have the 'mail' command. - - * Supporting multiple LDAP servers for GitLab Premium. - - * Updating OpenSearch role docs. - - * Fix bug that causes plays with no directories provided to _init to fail. - - * Fixing variable for LDAP switch in Gitlab for CI builds. - - * Trying to run GitLab tests with ubuntu-latest to see if it fixes restart issues. - - * Seeing if a docker restart fixes DNS problems. - - * Adding a sudo to service restart. - - * Ensuring dnsmasq is present. - - * Using sudo for apt-get. - - * Adding Ansible verbosity and stopping resolved so dnsmasq can start. - - * apt needs resolved to fetch repos! - - * Playing with service order. - - * Commenting service handling. - - * Disabling GitLab tests. - - * Making requirements docs Debian version specific. - - * Putting the ssh_server role higher up in meta plays. - - * Using jinja2 to set a default PermitRootLogin variable in rkhunter. - - * Missed an instance of galaxy management for ce_deploy. - - * Missed ANOTHER instance of galaxy management for ce_deploy. - - * Updating autoscale docs and adding ansible.windows collection for Wazuh. - - * Bug fixes pr 1.x (#1164) - - * Fixing shell issues with new runners. - - * Putting quotes around basic auth password file for Nginx. - - * Must not surround SAN cert names with quotes for ACM. - - * Some LDAP services might not necessarily be there. - - * MySQL Server key out of date, moving to variable. - - * Incorrect MySQL repo key. - - * Trying a different key server. - - * Loading service information into ansible_facts. - - * Fixing vhost template bug that breaks LE. - - * Excluding firewall from container builds. - - * Fixing linting errors. - - * Trying to fix linter paths. - - * Removing trailing space in unattended-upgrades. - - * Fixing ansible.builtin namespacing for linting. - - * Fixing key-order linting issue in _init. - - * Got 'when' and 'block' the wrong way around. - - * One last ansible.builtin issue. - - * Fixing jinja in when. - - * Switching ignore_errors for failed_when. - - * Adding auto-upgrade cron to pip and ansible. - - * Create cron jobs to upgrade mandatory Galaxy collections. - - * Adding defaults for package upgrades. - - * Minor bug fix in galaxy handling. - - * Make sure we install galaxy collections as the controller user. - - * Literals need a double slash. - - * Adding Galaxy upgrades to ce-deploy as well. - - * Fixing inconsistent requirements.yml format for ce_deploy. - - * Fixing pipefail linting issues. - - * Missed one! - - * Adding executable to shell commands with pipefail set. - - * Moving executable to args. - - * Moving ansible-lint run to latest Ubuntu. - - * Trying the full Ansible namespace for ipsubnet() filter. - - * Improving galaxy upgrade handling and pinning amazon.aws collection at version 4.5.0. - - * Applying same galaxy changes to ce-provision. - - * No loop for galaxy, so cannot use 'item'. - - * Officially defaulting to Debian 11 (bullseye) for new machines. - - * Upgrading amazon.aws to v5.5.0 in ce-deploy. - - * community.aws also needs pinning at version 5.5.0. - - * Adding week day support to clamscan cron. - - * Updating docs. - - * Supporting cron weekday for LetsEncrypt. - - * Removing deprecated 'warn' arg from shell. - - * Adding extra deploy perms for ECS and minor fixes. - - * No sense in building CF aliases if we do not need them. - - * Too many 'whens'. - - * ECR module missing vital params. - - * Failing because of undefined facts. - - * Making SimpleSAMLphp SP names more readable. - - * Fixing composer install bug introduced upstream, version param changed. - - * Docs update and supporting multiple LDAP TLS connections. - - * Forgot to add cert check var to pam_ldap. - - * Ensuring we benefit from latest 5.5.x AWS collections. - - * Allowing the python_boto … - - * Refactoring entire role structure. - - * Moving the wazuh role to debian packages. - - * Updating location of wazuh roles. - - * Migrating cron to systemd timers for ce_provision. - - * Migrating LE cron to systemd timer. - - * Updated docs. - - * Removing last cron mentions from ssl README. - - * Updated docs. - - * Migrating ldap_server role to using sysmtemd timer for backups. - - * Moving ossec-server to using systemd timers instead of cron. - - * New IAM fine-grained policies for AWS billing access. - - * Moving jenkins key renewal daily cron to a systemd timer. - - * Removing obsolete version-specific ansible tasks. - - * Moving Duplicity nightly backup job to a systemd timer. - - * Migrating clamav cron job to a systemd timer. - - * Documentation update. - - * Adding a systemd timer to upgrade Ansible. - - * Migrating ce_deploy role to venv and systemd timers. - - * Updating ce-dev config for 2.x dev. - - * Temporarily adding roles/ce_provision to .gitignore. - - --------- - - Co-authored-by: nfawbert <62660788+nfawbert@users.noreply.github.com> - Co-authored-by: Code Enigma CI - Co-authored-by: EmlynK - Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> - Co-authored-by: Dionisio - Co-authored-by: pascal - Co-authored-by: Jamie Wiseman - Co-authored-by: mdecorniquet <43240244+mdecorniquet@users.noreply.github.com> - Co-authored-by: Matthieu Decorniquet - Co-authored-by: Dionisio - Co-authored-by: Jean Pierre Dentone - Co-authored-by: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> - Co-authored-by: tim - Co-authored-by: Nick Fawbert - Co-authored-by: Miro Michalicka - Co-authored-by: Miro Michalicka - Co-authored-by: Matej Stajduhar - Co-authored-by: Sunil Odedra <122627205+sunilodedra@users.noreply.github.com> - Co-authored-by: Sunny - Co-authored-by: drazenCE <140631110+drazenCE@users.noreply.github.com> - Co-authored-by: Matej Štajduhar <30931414+matej5@users.noreply.github.com> From 49b78862c2ca8a1c12cbe2202c62c7ef48fa5dbc Mon Sep 17 00:00:00 2001 From: Drazen Date: Tue, 7 Oct 2025 16:45:04 +0200 Subject: [PATCH 3/3] Ciphers-change-nginx-template-PR-2.x --- roles/debian/nginx/templates/nginx.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/debian/nginx/templates/nginx.conf.j2 b/roles/debian/nginx/templates/nginx.conf.j2 index 9d998313f..9ca7b3557 100644 --- a/roles/debian/nginx/templates/nginx.conf.j2 +++ b/roles/debian/nginx/templates/nginx.conf.j2 @@ -43,7 +43,7 @@ http { ssl_protocols {{ nginx.http.ssl_protocols }}; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; - {%- if nginx.ssl_ciphers is defined and nginx.ssl_ciphers|length > 0 %} + {% if nginx.ssl_ciphers is defined and nginx.ssl_ciphers|length > 0 -%} ssl_ciphers {{ nginx.ssl_ciphers | join(':') }}; {%- endif %} ##